* The malicious software can collect payment card data (including card number, expiry date, CVV and other customer information)
* This information can be used to clone cards, conduct transactions
* The software can enable transactions by sending a fake response to the payment network. The fake responses ensure that no details of the incoming transaction request or outgoing transaction response are logged in the switch application logs.
— Payment banks, banks can reset passwords for employees with access to payment servers
— Use two-factor authentication for providing access
Sisa has not yet confirmed whether customer accounts have been compromised or not.
India’s biggest debit card data breach
SISA, a payment security firm, investigated India's biggest debit card data breach in 2016. The breach affected nearly 3.2 million debit cards in 2016, was caused by a malware injection in its systems. SISA confirmed the malware captured both the debit card number and PIN of customers who used their cards at the affected ATMs. However, financial losses were contained because the card issuing banks blocked cards and advised some customers to change their debit card PIN.
“The reason why such cyber attacks are happening today is because of the ineffective implementation of the payment security standards. Organizations need to pay a lot more emphasis to this than they currently do. It’s not the check-the-box approach which has been traditionally followed,” Dharshan Shanthamurthy, founder and CEO of SISA, said.
“This happened to be one such incident. With demonetization, and with an increase in the number of digital payments, such attacks are going to get worse,” he warned.