Finance ministry says 99.5% debit cards safe, unaffected by data breach - Hindustan Times
close_game
close_game

Finance ministry says 99.5% debit cards safe, unaffected by data breach

ByPTI, New Delhi
Oct 21, 2016 09:13 AM IST

The finance ministry on Thursday said debit cards are “completely safe” and there is no need to panic over the feared security breach that affected over 32 lakh cards.

The finance ministry on Thursday said debit cards are “completely safe” and there is no need to panic over the feared security breach that affected over 32 lakh cards.

The finance ministry on Thursday said debit cards are ’completely safe’ and there is no need to panic.(Shutterstock)
The finance ministry on Thursday said debit cards are ’completely safe’ and there is no need to panic.(Shutterstock)

“Only about 0.5% of the total debit card details were compromised while remaining 99.5% cards are completely safe and bank customers should not panic,” department of financial services additional secretary GC Murmu told PTI.

Hindustan Times - your fastest source for breaking news! Read now.

There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed RuPay cards while the rest are Visa- and Master Card-enabled.

Since the data compromise took place from specific machines within a particular time period, it is just a limited issue and banks have asked their affected customers to replace their card or change their PIN, Murmu said, adding that other cards are not affected at all.

In a message to its customers, Canara Bank said: “In view of security reasons...Please change the ATM PIN immediately. In case not adhered to, we will be blocking the existing card on 21-OCT-2016.”

Read | Mastercard says its own systems have not been breached

Murmu said data of the users who have transacted from Hitachi ATM machines have been compromised during the month of May, June and July. The Hitachi ATMs, he added, deployed by many White Label ATM and Yes Bank were impacted by a malware, but other ATMs were completely safe.

The extent of financial loss due to the breach is still being collated.

The genesis of the problem was receipt of complaints from a few banks that their customer’s cards were used fraudulently, mainly in China and the US when the customers were in India, NPCI said in a statement.

Apprehending that this could be a case of card data compromise, all the ATMs / PoS terminals in India and three card networks — RuPay, Visa and MasterCard worked together in September. It was established a compromise at one of the payment switch provider’s system had taken place.

Based on the findings, NPCI and other schemes identified the period of compromise and the affected cards.

Read | Amid debit card security breach, victims of ATM frauds tell their tales

Though there were no complaints from any of the RuPay cardholders, NPCI as a domestic utility for ATM payments has taken the lead role for proactive steps in discussing the matter with various banks and card networks.

The complaints of fraudulent withdrawals are limited to cards of 19 banks and 641 customers, NPCI statement said, adding that the total amount involved is Rs 1.3 crore as reported by various affected banks.

Cards of all these complainants are related to other card schemes and there is no RuPay cardholder who had lodged any complaint for such fraudulent usage, it said.

Murmu said all the affected banks have been alerted by all card networks that a total card base of about 32.14 lakh could have been possibly compromised. Out of this, 6 lakh are RuPay cards.

“It was suspected that a compromise was at switch level which is PCI-DSS certified. Hence, subsequently PCI Council (the international body which sets standards on for PCI–DSS) was persuaded to conduct a forensic audit of the switch of one bank which is likely to be the point of compromise. The forensic study is in progress and NPCI is in touch with relevant stakeholders,” he said.

Read | This is how an ATM virus compromised 3.2 million debit cards in India

NPCI is closely working with all stakeholders and once the forensic investigation is over and the root cause is identified, we will issue a further set of recommendations as precautionary measures to member banks, he added.

According to Yes Bank statement, it has proactively undertaken a comprehensive review of its ATMs, and there is no evidence of a breach or compromise on the bank’s ATMs.

“We would like to inform that the possible breach of information of debit cards has taken place in the ATM network of another bank. As a precautionary measure, the PINs of debit cards used at the ATMs of that bank have been changed. This has been done in order to protect our customers from any potential fraudulent transaction,” ICICI Bank said.

Even HDFC Bank said the bank’s systems detected a potential compromise of debit cards arising from usage at a non-home ATM network a few weeks ago.

“We immediately notified customers who we knew had used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN. We take this opportunity to stress that all our customers use HDFC Bank ATMs only and also change ATM PINs from time to time to prevent misuse,” the bank said in a statement.

Read | ATM virus attack: Dos and don’ts for debit card holders

Unlock a world of Benefits with HT! From insightful newsletters to real-time news alerts and a personalized news feed – it's all here, just a click away!- Login Now!
Stay informed on Business News along with Gold Rates Today, India News and other related updates on Hindustan Times Website and APPs
SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Tuesday, March 19, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On