More than 40 J&K Bank credit cards, supported by Mastercard, were cloned and misused in foreign countries in just two months, triggering a major security alert. Besides, several dozens of credit cards were hot-listed after a US federal agency seized a laptop with databank of India customers.
The Jammu and Kashmir police's cyber cell received around 40 cases where Mastercard-supported credit card details were compromised in November-December of 2012, the highest ever frequency for the bank for such a short period.
Sources said online hackers were able to shop for R12 lakh apparently in the United Arab Emirates (UAE), using servers located there or as far as Russia. Most shopping would take place during the daytime of the UAE and when it would be night time for J&K Bank customers in Kashmir.
The cyber police have failed to track a single hacker or identify any individual or group behind the major security breach of Mastercard data bank abroad in the past nine months. The police failed to even zero in on the exact places where the fraud shopping took place.
The ill-equipped cyber police staff was requested by the bank to participate in the two-day conference on September 13-14 in Srinagar where information security top notches of different banks from across the country converged to discuss general security upgrade and challenges. The banks are working on a matrix of security layer to pre-empt any online attempt to breach the security layer and also set new standards for security measures for banking.
"The banking security is an ever evolving game where for every layer of virtual protection of the banks generated, malwares are worked upon by hackers," said a senior bank official on condition of anonymity.
This year, J&K Bank unleashed the first ever major hot-listing exercise, where the bank blocked credit cards transactions after suspecting breach of security, between May and July and knocked down cards in huge numbers, which runs in hundreds.
This major hot-listing, a pre-emptive exercise to safeguard customers, came in the wake of a federal agency in the United States (US) seizing a laptop with huge databank of Mastercard holders, which included customers from Jammu and Kashmir too.
J&K Bank officials refuse any security compromise at their end for the credit card transactions last year.
"There was no compromise in our security. We are complying with the Payment Card Industry Data Security Standards, which are the best globally. We have an alert and active security system. Any breach, if it ever happens, is detected and addressed quickly," said J&K Bank's chief information system officer Khalid Muzaffar.
Muzaffar blames poor credit card practises among customers and ever-increasing phishing sites for the misuse, which he described as "normal crime reported everywhere".
"Most customers fall prey to phishing sites and honey-traps where in they put in their credit card details. We need to avoid poor e-commerce sites, fake ones and ensure that credit card used while shopping is in safe hands. One should avoid handing over the credit card to people and ensure transaction in front of them," he added.
The bank, which carried a massive awareness campaign this year on use of credit cards, has in the recent months knocked down 57 phishing sites set up in its name.
As a major security overhaul, the bank, since August this year, started two-layer security cover for e-banking. Besides customer-generated password, the bank now offers one-time PIN which changes with each transaction. For credit cards, 3-D security is in place to plug the holes now.