ADVERTISEMENT

Debit Card Data Breach: Finance Ministry Expects Report In 10 Days

Finance ministry looks for leads in India’s biggest ever debit card breach.



People exercise on King’s Way boulevard outside the North Block of the Central Secretariat building, which houses the Ministries of Finance and Home Affairs (Photographer: Prashanth Vishwanathan/Bloomberg)
People exercise on King’s Way boulevard outside the North Block of the Central Secretariat building, which houses the Ministries of Finance and Home Affairs (Photographer: Prashanth Vishwanathan/Bloomberg)

The finance ministry has asked various agencies, including RBI, which are looking into the largest banking security breach involving over 32 lakh debit cards, to submit their report in 10 days.

The result of the technical enquiry is expected in the next 8-10 days, an official in the finance ministry said. It will also give the ministry a lead as to where hacking or compromise took place, he added.

Earlier this week, Finance Minister Arun Jaitley had said the government asked RBI and banks to provide details of the data breach and also banks' preparedness to deal with cyber crimes.

As many as 32.14 lakh debit cards of various public and private sector banks are feared to have been 'compromised' by cyber malware attack in some ATM systems.

Several banks, including state-owned SBI, have recalled a number of cards while many others blocked the ones suspected to have been compromised and asked their customers to change their PIN (personal identification number) before use.

Fraudulent withdrawals have been reported from 19 banks so far while complaints have been received from a few banks that their customers' cards were used fraudulently abroad, mainly in China and the U.S. while the customers were in India.

According to the National Payments Corporation of India, as many as 641 customers across 19 banks have been duped of Rs 1.3 crore using stolen debit card data.

The government asked regulator Reserve Bank of India (RBI) as well as banks to provide details of the data breach and also preparedness to deal with cyber crimes.

There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed by RuPay while the rest are Visa- and MasterCard-enabled.

Of the debit cards affected, about 26.5 lakh are on Visa and MasterCard platforms while 6,00,000 are on RuPay. The breach reportedly involved some 90 ATMs.

While Visa and MasterCard, in separate statements, have stated that their own networks had not been compromised, Hitachi subsidiary Hitachi Payment Services, which manages some of the ATM network processing, was investigating the matter, including whether there was a malware problem.

The Hitachi ATMs deployed by many white label ATM players and Yes Bank were impacted by the malware while usage at other ATMs were completely secured.

While Visa and MasterCard, in separate statements, have stated that their own networks had not been compromised, Hitachi subsidiary Hitachi Payment Services, which manages some of the ATM network processing, was investigating the matter, including whether there was a malware problem.