Govt seeks report on debit card security breach, promises swift action
The government has sought a report on the debit card data compromise issue, finance minister Arun Jaitley said on Friday, adding that the idea was to contain any damage caused by the feared breach.business Updated: Oct 22, 2016 00:18 IST
The alarm over compromised bank debit cards grew louder on Friday as top finance ministry officials moved to unearth the source of the breach, asking 19 affected banks as well as the Reserve Bank of India to submit a report.
Several banks, including the State Bank of India, have advised customers to change their personal identification numbers. The banks have recalled thousands of debit cards and blocked others that they fear have been hacked.
The breach is thought to have been caused by malware introduced in the Hitachi Payment Services system. Malware is defined as software specifically designed to intrude into computer systems.
“The government is looking into the matter and reports have been sought,” said finance minister Arun Jaitley on the sidelines of an event in New Delhi.
GC Murmu, additional secretary in the financial services department, told HT that Hitachi Payment Services are deployed by several white label ATMs. And all debit card holders who used these ATMs between May to September stood the chance of their information being compromised.
Loney Antony, Managing Director of Hitachi Payment Services denied any breach, saying that their audit last month did not find anything, though a thorough investigation is underway.
Economic affairs secretary Shaktikanta Das said the government will act once it knows the point of origin of the breach.
“Based on the RBI report and the report of the banks we will know exactly what has happened. In the cyber world the trail will always be there,” he told HT.
“It will be our effort to locate the exact trail and locate the point of origin. The government will definitely act on this.”
Murmu said he expects the banks and the RBI to send their report in a month.
But Murmu played down the alarm and said: “Of the 700 million debit card holders in India, only about 600 have been affected. The measure by banks such as SBI to block the debit cards is just a precautionary measure so that no other customer is impacted.”
Top sources with knowledge of the matter said 90 ATMs have been identified which might have been impacted by the malware attack. And 3.2 million debit card holders have used these ATMs.
Most of these cards belong to banks such as SBI, HDFC Bank, ICICI Bank and Yes Bank.
SBI has already taken the precautionary measure of recalling more than 600,000 debit cards.
There is fear that the security breach could have spread to payment networks such as Visa and MasterCard.
While Mastercard denied any breach and is working on investigations, Visa said it has been informed that some of these accounts have been fraudulently used for overseas transactions.
Meanwhile, the complaints of fraudulent withdrawal are limited to cards of 19 banks and 641 customers with the total amount involved being ₹1.3 crore, National Payments Corporation of India said in a statement (NPCI). NPCI is the umbrella organisation of all retail payment systems in India.