How to use debit cards in ATMs: A safety guide

At the time of one of the biggest banking breach in India, here are some do's and don'ts to keep in mind while using debit card

By: Express News Service | New Delhi | Updated: October 21, 2016 7:09:43 pm
debit card, debit card theft, ATM theft, ATM fraud, debit card fraud, debit card news, debit card data, debit card data news, ATM card news, ATM card theft, ATM news File Photo: A man counts money after withdrawing it from a State Bank of India ATM in Mumbai, March 9, 2016. (Source: REUTERS/Danish Siddiqui/File Photo)

Over 3.2 million debit cards from several banks in India were hit over the last two months following an ATM security breach through malware infestation.

The issue was highlighted after SBI, India’s largest commercial bank, on Wednesday said that it had blocked 6 lakh debit cards to ward off security threat , “Card network companies NPCI, Mastercard and Visa had informed various banks in India about a potential risk to some cards in India owing to a data breach. Accordingly, SBI has taken precautionary measures and have blocked cards of certain customers identified by the networks,” SBI said in a statement.

WATCH VIDEO: Simple Tips To Secure Your Debit Card From Fraudsters


The issue was not specific to SBI. Several other banks, such as Axis Bank, HDFC Bank and ICICI Bank, have also admitted being hit by similar cyber attacks. This is one of the biggest security breaches in India.

Read| Multiple banks hit: 3.2 million debit cards compromised; how it happened, what happens now?

Here is a short guide to on how the breach might have happened along with some dos and don’ts that you should keep in mind while using your debit cards.

Keypad jamming

The fraudster jams the ‘Enter’ and ‘Cancel’ buttons with glue or by inserting a pin or blade at the buttons’ edge. A customer trying to press the ‘Enter/OK’ button after entering the PIN, does not succeed, and thinks the machine is not working. An attempt to ‘Cancel’ the transaction fails as well. In many cases, the customer leaves — and is quickly replaced at the machine by the fraudster. A transaction is active for around 30 seconds (20 seconds in some cases), and he is able to remove the glue or pin from the ‘Enter’ button to go ahead with the withdrawal. The loss to the cardholder is, however, limited by the ceiling on withdrawals, and the fact that only one transaction is possible without swiping the card again and re-entering the PIN. Commonsense advice: do not seek the help of a stranger to withdraw cash, and do not leave the ATM box until the transaction has been cancelled. Banks do not take responsibility for such a fraud, which they put down to negligence on the part of the cardholder.

Card swapping

Sometimes, when a customer uses his debit card at a merchant establishment, the fraudster (who could be a fuel pump attendant or a restaurant waiter, etc.) will make a note of the PIN that is keyed in and, while returning the card, swap it with an identical dummy from a store of several cards he keeps. With both card and PIN, the fraudster can then withdraw cash until the cardholder is able to block the card. Banks advise customers to make sure their card is always in sight, to check if it is indeed theirs when an attendant hands it back, and to not ask him to punch in the PIN at the ‘point of sale’ terminal. In cases of card swapping fraud too, banks do not accept liability.

Watch what else is making news




This kind of fraud is more sophisticated. A small skimming device is planted in the ATM’s debit card slot, which is able to read the information on the card’s magnetic tape. The information, once copied, can be reproduced on any card, which can be subsequently used to withdraw cash. The customer’s PIN is captured by a small camera that the fraudster installs in the ATM kiosk. Banks generally take the liability for skimming frauds and make good the customer’s loss. However, the customer must block the card after the first instance of misuse.

While using debit card…

Never let anyone see you entering PIN

Always wait for ‘Welcome’ screen to be displayed after completing transaction

Ensure bank has your current mobile number so you get alerts for transactions

Watch out for suspicious movements of people around the ATM or strangers trying to engage you in conversation

Check if the card given to you by the merchant after completion of the transaction is yours

Look if there are any visible extra devices attached to the ATM

Inform the bank immediately in case your ATM/Debit card is lost or stolen, or if you notice a transaction you didn’t do

Check transaction alert SMSes and bank statements frequently


WRITE your PIN on the card; memorise it

TAKE help from strangers or hand your card to anyone else

DISCLOSE your PIN to anyone, including bank employees and family members

ALLOW card to go out of your sight

SPEAK on the mobile while transacting; it distracts you

For all the latest Business News, download Indian Express App

Share your thoughts