Debit card data breach: Top 10 developments so far

MasterCard credit cards are seen in this illustrative photograph. Photo: Reuters
India’s journey to becoming a cashless economy seems to have got stuck in a morass, amid reports of a data breach involving 3.2 million debit cards. While some banks like State Bank of India (SBI) have re-called around 600,000 debit cards, others like Bank of Baroda, IDBI Bank, Central Bank and Andhra Bank have already replaced their affected debit cards, as a pre-emptive measure. Business Standard brings you top ten developments on arguably the biggest security breach faced by the Indian banking industry.

PMO lens on debit card security breach probe

As the call for a detailed investigation into the security breach of 3.2 million debit cards hots up, the Prime Minister’s Office (PMO) has stepped in to ascertain the quantum of risk. A P Hota, managing director of National Payments Corporation of India (NPCI), said Gulshan Rai, cyber security chief in PMO, called to know about the security breach. “All the banks and other stakeholders are cooperating and are regularly in touch with each other and the agencies,” he said.

Congress demands full disclosure

Ridiculing Prime Minister Narendra Modi over the potential breach of debit card security, the Congress has demanded full disclosure of the extent of the breach and compensation to the affected cardholders. “This government has a habit of saying that it is the first in doing anything. Well, it is the first government to let lists of cardholders get stolen,” said Congress spokesman Ajoy Kumar.

Govt orders probe into data breach

Banks, National Payments Corporation of India (NPCI) and the government got into a damage-control mode to curtail the risks emanating out of a possible data breach of 3.2 million debit cards. NPCI issued a statement quantifying the damage: “The complaints of fraudulent withdrawal are limited to cards of 19 banks and 641 customers. The total amount involved is Rs 1.3 crore as reported by various affected banks to NPCI.”

SBI advises customers to use its own ATM network

SBI has advised its customers to use the bank’s own ATM network, according to an official. “We are advising our customers to use SBI’s ATM network as a pro-active measure. At the same time, the bank is aiming to replace around 600,000 debit cards within two weeks,” said Partha Pratim Sengupta, CGM of SBI Bengal circle.

Govt has sought report: Jaitley

Finance Minister Arun Jaitley said the government had sought a detailed report on the extent of debit card data compromise following the breach. The government has asked Reserve Bank of India (RBI) and banks to provide details of the data breach and also banks’ preparedness to deal with cybercrimes. We have sought a report in the debit card issue. The idea is to contain the damage,” said Jaitley.

Debit card scare: Change ATM PIN immediately

Recently, many customers received mails and messages from their banks to change the ATM PIN of their debit cards. Bankers and cyber experts have advised that ideally an ATM PIN should be changed every three to six months. Are they being overly cautious? Perhaps not. Several banks have already asked their customers to change their card security details, besides sticking to own ATM networks.

Banks on how to avoid potential fraud

The security breach in debit cards has resulted in banks as well as card players to spruce up efforts to investigate the matter. SBI has taken precautionary measures and blocked cards of certain customers identified by networks to prevent them from potential fraud. Cardholders can generate the PIN through SMS/IVRS/internet banking without visiting the branch.

SBI to re-issue 600,000 debit cards, Axis admits to breach

Three financial institutions, including BSE, have faced cyberattacks in the past three months. Several banks have faced an increase in some form of cyberattack or security breach in recent times. Axis Bank recently informed RBI that it had experienced a cyberattack, while the State Bank of India said it was re-issuing over 600,000 debit cards because of a potential security breach.

Hitachi claims its systems were not breached in cyber attack

Hitachi Payment Services claimed an external audit on its ATM networks that it manages for banks have not seen any breach of its systems, even as it is updating the banks and card schemes across its network. “We had appointed an external audit agency certified by PCI in the first week of September, to check the security of our systems for any breach/compromise based on a few suspected transactions that were highlighted by banks for whom we manage their ATM networks,” Loney Antony, managing director, Hitachi Payment Services, said.

Banking shares shrug off debit card security breach concerns

Banking stocks on Thursday shrugged off concerns arising out of the potential fraud involving nearly 3 million debit cards. At a time when benchmark key indices were up only 0.6 per cent, bank indices were trading firm with a gain of about 1.4 per cent. 


Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel