The latest casualty of cyber attack: Debit cards

The incident of 3.2 million debit cards being blocked by Indian lenders has sent jitters across the banking community.

Written by George Mathew , Sandeep Singh | Mumbai/ New Delhi | Updated: October 21, 2016 7:10 pm

Concern is growing among bankers and customers over the threats posed by cyber criminals. With the rise in the volume of funds transmitted via electronic channels, the sector is facing new challenges as unscrupulous elements have started devising ingenious methods to siphon money sitting in countries outside India.

The latest incident of 3.2 million debit cards being blocked or recalled by Indian banks has sent jitters across the banking community. While the data breach took place between May and July, the fraud was discovered only in September, and banks then decided to proactively change cards. In fact, days before demitting office in September, the then RBI Governor had indicated that there had been a spate of frauds (through vishing and phishing) in some segments of payment services.


According to AP Hota of the National Payments Corporation of India (NPCI), the genesis of the latest problem was the receipt of complaints from some banks that their customers’ cards were being used fraudulently, mainly in China and the US, while the customers were in India. NPCI and other payment providers identified the security breach and the card numbers that could have been compromised during that period. These cards were then either blocked or recalled.

The banking sector globally is now encountering an increasing number of online frauds. At the start of the year, Bangladesh Bank was the target: an attempt was made to steal $1 billion, and the attackers ultimately got away with $81 million. Recently, in India too, a similar attempt was made on a commercial bank by generating fraudulent payment instructions on its Nostro accounts and transmitting them over the SWIFT messaging system. Though a monetary loss was prevented, thanks to proactive follow-up with the concerned paying / intermediary banks, the incident reinforces the fact that various stakeholders may not have learnt the lessons yet.

RBI Deputy Governor SS Mundra, who highlighted online frauds in a recent lecture, said the RBI has also come across instances of fraudulent messages confirming documentary credits being transmitted using SWIFT infrastructure. In another incident, involving the shared mobile wallet of a bank, vulnerabilities in the application itself were exploited by the attackers. The originator of a transfer could get the amount reversed back to him without a corresponding debit in the recipient’s account, and this happened in a large number of transactions (the total amount involved was around Rs 12 crore). The bank was not performing any real-time reconciliation and noticed the problem only when a spike in transactions led to detection during reconciliation. The vulnerabilities exploited in the incident could have been averted had the launch of the product not been rushed through, the RBI said.
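An added example, not from the article or the RBI: the reconciliation gap described above, expressed as a double-entry check that can run as each transaction commits. The ledger layout, account names and function names are assumptions made for illustration, and the sample rows are constructed.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample ledger (not data from the incident).
# Each row is one posting: (txn_id, kind, account, signed amount);
# credits are positive, debits are negative.
SAMPLE_LEDGER = [
    ("T1", "transfer", "alice", Decimal("-500")),
    ("T1", "transfer", "bob", Decimal("500")),
    ("T2", "transfer", "carol", Decimal("-1200")),
    ("T2", "transfer", "dave", Decimal("1200")),
    # Correct reversal of T1: both legs are posted.
    ("T1", "reversal", "alice", Decimal("500")),
    ("T1", "reversal", "bob", Decimal("-500")),
    # Faulty reversal of T2: the originator is credited,
    # but the recipient is never debited.
    ("T2", "reversal", "carol", Decimal("1200")),
]


def reconcile(ledger):
    """Return (txn_id, kind, net) for every posting group that does not net to zero.

    Assumption: both legs of a transfer or reversal are committed together,
    so any committed group with a non-zero net is an integrity failure.
    """
    groups = defaultdict(list)
    for txn_id, kind, _account, amount in ledger:
        groups[(txn_id, kind)].append(amount)
    findings = []
    for (txn_id, kind), amounts in groups.items():
        net = sum(amounts, Decimal("0"))
        if net != 0:
            findings.append((txn_id, kind, net))
    return findings


def exposure_by_account(ledger):
    """Total unmatched credits per account, for prioritising investigation."""
    bad = {(txn_id, kind) for txn_id, kind, _net in reconcile(ledger)}
    exposure = defaultdict(Decimal)
    for txn_id, kind, account, amount in ledger:
        if (txn_id, kind) in bad and amount > 0:
            exposure[account] += amount
    return dict(exposure)


if __name__ == "__main__":
    print(reconcile(SAMPLE_LEDGER))
    print(exposure_by_account(SAMPLE_LEDGER))
```

Run against every committed transaction rather than in a periodic batch, a check like this surfaces the first unbalanced reversal instead of waiting for a volume spike.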

An e-payment validation website of a large bank was hacked. Surprisingly, the bank was not aware of the incident till it was notified by a law enforcement agency. There was a Facebook post by a person from a neighbouring country claiming responsibility for the operation. Though the hacking incident did not result in any pecuniary loss, as the site attacked was only performing validations of inputs entered by end users, it demonstrates a serious security breach, the RBI said. Cyber incidents are increasingly shifting towards targeting financial institutions instead of end users.

Modus operandi

Skimming is common these days. This is a more technical mode of duping, and the cardholder can hardly do anything about it: the miscreants plant a small skimming device in the debit card slot of the ATM machine, and it reads the card’s magnetic stripe information when the card passes through it. With the copied magnetic information, the defrauder can produce a duplicate card (on any plastic card) to be used later to withdraw cash. To obtain the PIN, the fraudster also installs a small camera at the ATM kiosk that captures the PIN as the cardholder enters it.

Another form of ATM-related fraud that has come to banks’ notice is card swapping. When a customer visits a merchant establishment, a restaurant or a petrol station and uses his/her debit card for a transaction, the attendant (fraudster) notes down the PIN when it is keyed in by the customer. Later, while returning the card, the attendant swaps the customer’s card with a dummy card that looks identical to it. Since the customer is unaware of the swap, he pockets the dummy card, whereas the fraudster gets both the card and the PIN, which he uses to withdraw cash till the card is blocked by the customer.

Experts say that the fraudsters keep several dummy cards of various banks and depending upon the card provided by the customer for the transaction, they pull out a similar card and hand it over to the customer. Since most customers don’t check if the returned card is theirs or not, the fraudsters are successful in cheating the customer.

Fraudsters also use the keypad jamming method to steal money. The risk departments of banks have termed it so because the modus operandi involves jamming both the ‘Enter’ and ‘Cancel’ buttons on the ATM machine by applying glue or by inserting a pin or blade at the edge of the button. When the customer tries to press the ‘Enter/OK’ button after entering his PIN, the key does not function and the customer can’t proceed with his transaction. At this juncture the customer thinks that the machine is not working and tries to cancel the transaction, which also does not go through as that button is jammed too. Thinking that the transaction is cancelled, he leaves the ATM machine. As soon as the customer leaves, or is prompted to visit a nearby ATM machine, the fraudster takes over the machine. Since the transaction stays active for around 30 seconds in most cases (some banks have reduced it to 20 seconds), he keeps it active by pressing some functional buttons and in the meantime removes the glue or pin from the ‘Enter’ button to go ahead with the transaction. The fraudster then withdraws cash from the customer’s account, leaving the customer unaware of the fraud till he checks the message from the bank.

Beware customers

A debit card holder should always conduct ATM transactions in complete privacy and never let anyone watch while entering the PIN (Personal Identification Number). If another person gets hold of the PIN and card number, he can do online transactions without your knowledge. After completing a transaction, the customer should ensure that the welcome page is displayed on the ATM screen.

Banks advise their customers to use the bank’s own ATMs as far as possible and to change their PINs once in two months. “We also advised them to use only HDFC Bank ATMs as we believe security controls at some of the other bank ATMs may not be at par with HDFC Bank’s. We take this opportunity to stress that all our customers use HDFC Bank ATMs only and also change ATM PINs from time to time to prevent misuse,” HDFC Bank said.

Customers are not supposed to write the PIN on the card or in diaries. It’s always better to memorise the PIN. The most important thing to remember is: never disclose the PIN or card number to anyone, including bank employees and family members. Customers get mails and telephone calls from fraudsters, who claim they are from the bank, asking for card details. Fraudsters even masquerade as the RBI Governor to get card details. Customers should not fall prey to such tricks.

While using the card, do not take help from strangers or hand over the card to anyone for using it. It can be easily swapped or cloned. “Always ensure that the card should not go out of your sight when you are making a payment. Also avoid speaking on the mobile phone while you are transacting. Ensure your current mobile number is registered with the bank so that you can get alerts for all your transactions. Beware of suspicious movements of people around the ATM or strangers trying to engage you in conversation,” said a bank official.

While dining out or at the petrol pump, customers should check whether the card given back to them by the merchant after the transaction is their genuine card. “Look for extra devices attached to the ATMs that may be put to capture your data. It can be a camera or some electronic device. Customers should inform the bank if the ATM or debit card is lost or stolen and immediately report any unauthorised transaction. Check the transaction alert SMS and bank statements regularly,” he said.
