The government on Friday said a forensic auditor is conducting an independent probe into the biggest data breach affecting 32.4 lakh debit cards of several public and private sector bank customers. “The RBI has informed that an incident of data breach with respect to cards was reported and the matter is under investigation. Independent investigation by a forensic auditor approved under Payment Card Industry Data Security Standard (PCI-DSS) framework is under process,” Minister of State for Finance Santosh Kumar Gangwar said in a written reply in the Lok Sabha.
The apex bank has been carrying out IT examination of banks since last year. It has also set up an IT subsidiary, which would focus, among other things, on cyber security within the central bank as well as in regulated entities. Earlier, the RBI had said it came to its notice on September 8 that details of certain cards issued by some banks had been possibly compromised at ATMs linked to the ATM Switch of one of the service providers.
Following the data breach, 19 banks had recalled the compromised cards. In another reply, Gangwar said a total of 1,927 cases related to credit cards involving Rs 7 crore was reported during April-June 2016. As many as 1,328 cases (Rs 6 crore) related to ATM/Debit Cards, and 18 cases (Rs 1 crore) involving internet banking were reported during the period.
Replying to another question, Gangwar said the complaints pertaining to credit cards operations are mainly about issue of unsolicited cards, sale of unsolicited insurance policies and recovery of premium along with card charges, charging of annual fees in spite of being offered as ‘free’ card, wrong billing, and inappropriate practices by recovery agents, among others.
“The number of complaints about non-adherence to RBI instructions on credit cards by banks received in the offices of Banking Ombudsman is 7,472 in 2014-15, 8,740 in 2015-16 and 3,035 is in 2016-17 (up to October 31, 2016),” the minister said.