SISA alerts banks about malware attack; asks to reset server passwords

Security firm Sisa on Tuesday warned all banks and payment processors to reset passwords for employees with access to payment servers. The advisory comes after it discovered that hackers had managed to insert malicious software into the payment switch server of an unnamed bank.

A malicious script (software code) has been injected into the payment switch application server — the hub which communicates with payment networks, a Sisi spokesperson told TOI.

What damage can the malware cause

* The malicious software can collect payment card data (including card number, expiry date, CVV and other customer information)

 
* This information can be used to clone cards, conduct transactions

 
* The software can enable transactions by sending a fake response to the payment network. The fake responses ensure that no details of the incoming transaction request or outgoing transaction response are logged in the switch application logs.

Solution

— Payment banks, banks can reset passwords for employees with access to payment servers
— Use two-factor authentication for providing access

Sisa has not yet confirmed whether customer accounts have been compromised or not.

India’s biggest debit card data breach

SISA, a payment security firm, investigated India's biggest debit card data breach in 2016. The breach affected nearly 3.2 million debit cards in 2016, was caused by a malware injection in its systems. SISA confirmed the malware captured both the debit card number and PIN of customers who used their cards at the affected ATMs. However, financial losses were contained because the card issuing banks blocked cards and advised some customers to change their debit card PIN.

“The reason why such cyber attacks are happening today is because of the ineffective implementation of the payment security standards. Organizations need to pay a lot more emphasis to this than they currently do. It’s not the check-the-box approach which has been traditionally followed,” Dharshan Shanthamurthy, founder and CEO of SISA, said.

“This happened to be one such incident. With demonetization, and with an increase in the number of digital payments, such attacks are going to get worse,” he warned.

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel