Cyber threats: Forensic auditor probing debit card data breach, says RBI

National Payment Corporation of India said the complaints of fraudulent withdrawals were limited to cards of 19 banks and 641 customers.

By: ENS Economic Bureau | Mumbai | Published:October 25, 2016 2:16 am
atm fraud, india atm fraud, debit card block, debit card recall, sbi debit card, sbi debit card recal RBI also advises lenders to review existing cyber security arrangements.

The Reserve Bank of India on Monday advised banks to review the existing cyber security arrangements in the wake of the biggest-ever debit card data breach that affected the banking system. The issue is currently being investigated by an approved forensic auditor, the RBI said after a meeting with senior officials from select banks, National Payment Corporation of India and card network operators to review the steps taken by various agencies to contain the adverse fall-out of the card security breach.

The RBI has emphasised an early implementation of this framework so that the possibility of such incidents happening in future is minimised and in the event of such incidents, containment measures are taken immediately.

Watch what else is making news:

“It has come to the Reserve Bank’s notice on September 8, 2016 that details of certain cards issued by a few banks had been possibly compromised at ATMs linked to the ATM Switch of one of the service providers. The issue is currently being investigated by an approved forensic auditor, under PCI-DSS framework,” it said.

According to the RBI, the number of cards misused, as per currently available information, is few. “As a matter of abundant precaution, card network operators concerned were earlier advised to share the details of cards used during the period of such exposure. Based on this, banks have been taking necessary remedial action to avoid any potential abuse of such cards in future by unscrupulous elements and to protect the interest of their customers.

“Banks have taken measures including advising the customers to change PIN, blocking payments at international locations, reducing the withdrawal limits, monitoring unusual patterns, replacing the cards and re-crediting the accounts of cardholders for amounts wrongly debited,” the RBI said.

The Reserve Bank also urged the cardholding bank customers that it is a good practice to change the PIN and passwords periodically and not to share them with anyone for any reason. “Banks do not ask for card or account details from their customers, hence, customers may exercise caution and not reveal such information to any person on phone or email,” it said

Commercial banks have blocked or recalled 32 lakh debit cards of customers as a “precautionary” measure after being informed of potential risks to those cards following a major security breach at a payment services provider that manages ATM network of a private sector bank.