Why Banks Are Urging You To Change Your ATM PIN?
Banks have stepped up communication with customers, asking them to change their ATM PINs.
If you bank with one of the large private or foreign banks, chances are that you have been getting messages and emails asking you to change your ATM PIN number. The messages have been persistent and frequent.
They read something like this:
We would like to keep you informed about the increased instances of ATM frauds across banks in India recently. We recommend that you exercise caution in this regard. For the security of your account, we would recommend that you visit our ATMs or call our helpline and change your debit card PIN...Bank Alert
If you ignore the message, you’ll get an email and in some cases even a call. Some banks are even advising you to use ATMs only of the bank you have an account with as a safety precaution.
While most banks typically send cautionary messages to ensure safety of customer accounts, the frequency of communication, at least in some areas, has increased in recent weeks.
Are you wondering why?
This is on account of suspicious activity noticed by banks over the past two months, said at least three people familiar with the situation. Banks noticed that debit cards of some customers were being used in China even though the customers were in India and had the cards in their possession. These instances were first reported on September 18 by The Times of India.
When enough such instances were seen across different banks, alarm bells starting ringing.
A preliminary audit conducted by some banks threw up the possibility of a security breach at an ATM of Yes Bank, said one of the people quoted above. Since customers can now withdraw cash from the ATM of any bank as opposed to ATMs belonging only to their respective bank, it was feared that debit cards across banks could be at risk, this person said. Some fraudulent transactions have gone through, others have been blocked. BloombergQuint could not determine the quantum of fraudulent transactions that may have taken place.
Yes Bank, on its part, has denied any breach.
“There is NO security breach or compromise noticed on YES BANK ATMs. YES BANK has also proactively undertaken a comprehensive review of its ATMs to rule out any compromise,” said a spokesperson for YES Bank.
“ As a precautionary measure to ensure security & safety, YES BANK has advised its customers to change their debit card PINs. YES BANK continues to work with relevant stakeholders, other banks to ensure security of its ATMs and payment services,” the spokesperson added.
An email sent to the Reserve Bank of India asking whether it had sought a report on the suspected security breach was not answered.
What Could Have Happened?
Banks are tight-lipped about what actually happened. However, a common kind of ATM fraud is something known as ‘cloning’ or ‘skimming’. As part of this, fraudsters would place a skimming device in an ATM which is capable of capturing the data on your debit card including that stored on the magnetic strip behind your card. The PIN number you type in can be accessed through a keystroke capturing device or even through a CCTV camera.
By doing this at an ATM, the fraudster can get access to information on a number of cards and then proceed to replicate and use them.
Other ways that your card can be cloned include when you hand your card over for swiping at restaurants and petrol stations. Fraudsters can also hack into frequently used websites which give customers the option to save their credit and debit card information. In these cases, however, the password needed for online transactions can act as a second line of defence.
“We have historically seen ATM card compromise happen at endpoints (ATM machines) through where fraudsters would gain access to ATM/debit card details and PINs using cloning devices and keyloggers,” said Jayant Saran, partner - forensic, Deloitte India.
While we have limited information, considering the number of banks advising customers to change their ATM PINs at the earliest, could suggest that a larger network breach may have happened. Whether all banks making these requests are affected, or they are just being cautious is not known.Jayant Saran, Partner - Forensic, Deloitte India
Are ATM Frauds On The Rise?
While the recent incident may have raised red flags, ATM frauds are among the most common and can prove to be a big headache for banks. According to Deloitte’s 2015 India Banking Fraud Survey, such frauds were among the three biggest risks cited by banks.
- 25 percent of those surveyed saw more than 100 frauds a year in retail banking
- Average loss per fraud pegged at Rs 10 lakh per incident
- ATM fraud identified as the top risk by 24 percent of respondents
According to KV Karthik, partner - financial advisory services at Deloitte India, the number of incidents of fraud in retail banking tends to be higher although the average value of fraud loss per fraud is lower.
This is not surprising.
“As retail banking is more process as well as volume-driven, increased fraud incidents in this area should trigger a wider review of the process and controls to identify the root cause, as these incidents could be just the tip of the iceberg,” said Karthik.
In particular, ATM frauds and online banking frauds may become a bigger menace over time, he added.
Considering the presence of personal financial data online (in cloud networks) and the possibilities of hacking into banking systems to access such data, we foresee ATM fraud getting more sophisticated in the future.KV Karthik, Partner - Financial Advisory Services, Deloitte India