Some 3.2 million debit cards issued by India’s biggest banks have been exposed to a malware-induced security breakdown, but the actual number could be much more.
Most of these cards belong to State Bank of India (SBI), HDFC Bank, Yes Bank and ICICI Bank.
Of the 3.2 million, 2.6 million are said to be on the Visa and MasterCard platform, and 600,000 on the RuPay platform.
Top officials of the National Payments Corp of India (NPCI) said the investigation into the malware attack on Hitachi Payment Services is in its initial stages, so the extent of the danger is yet to be ascertained.
According to reports, the breach is said to have originated in malware introduced in Hitachi Payment Services system. This leads to data being compromised, which poses the danger of theft. Hitachi provides ATM, point of sale (PoS) and other services.
Malware is defined as a software specifically designed to intrude into computer systems. “The basic nature of malware is that it spreads after the first attack,” explains Vidit Baxi, director of technology at Lucideus, a cyber security company. It is too early to understand what-all data this malware was designed to steal, he added.
“Some 3.2 million cards have been suspected to be compromised. As a precautionary measure, all banks have blocked the cards and have asked customers to change the PIN or hotlist the card and re-apply at the branch,” an NPCI official said.
He did not rule out the malware spreading to other payment networks as well.
“This happened a month ago and a couple of private banks have informed us of the security breach,” said Loney Antony, MD, Hitachi Payment Services.
“We conducted the audit last month and have found no breach. We have informed banks and they have taken action. Another report will be out in November,” he added.
While Mastercard denied any breach and is working on investigations, Visa said it has been informed that some of these accounts have been fraudulently used for overseas transactions.