Promising swift action in the security breach of 32 lakh debit cards, the government has asked the affected banks and the Reserve Bank of India (RBI) to submit report on the nature of the security breach and details on the preparedness of the banks to deal with cyber crimes. “I have sought a report in the debit card issue. The idea is to contain the damage,” finance minister Arun Jaitley said. According to the National Payments Corporation of India (NPCI), as many as 641 customers across 19 banks have complained of fraudulent withdrawals worth Rs 1.3 crore using stolen debit card data.
Department of Economic Affairs Secretary Shaktikanta Das said there is no need for an alarm and a report has been sought from banks on all aspects. “There is no cause for alarm. The integrity of IT system of banks is robust and whatever action is required, the government will take promptly,” he said.
The government, he said, is seized of the matter and reports have been called from RBI and banks to know what exactly has happened. A preliminary input “sort of report” has already come in and the government is awaiting further details from the final report, he said. “After getting the report… whatever action is required, necessary action will be taken by the government,” he said.
Earlier in the day, on the sidelines of a German government event, Das had said: “Customers should not panic because these hackings are done through computer and trail can easily be reached…They should not be alarmed. Whatever action has to be taken, it will be done with speed.”
Of the debit cards affected, about 26.5 lakh are on Visa and MasterCard platforms while 6,00,000 are on RuPay. The breach reportedly involved some 90 ATMs. While Visa and MasterCard, in separate statements, have stated that their own networks had not been compromised, Hitachi subsidiary Hitachi Payment Services, which manages some of the ATM network processing, was investigating the matter, including whether there was a malware problem.
State Bank of India has either blocked or is in the process of replacing around 6 lakh debit cards following a
malware related to security breach in a private bank’s ATM network. Bank of Baroda, IDBI Bank, Central Bank and
Andhra Bank have already replaced their debit cards. ICICI Bank, HDFC Bank and Yes Bank have asked customers to change their ATM pin numbers.
The data breach took place between May and July, but was discovered only in September and banks decided to proactively change the cards. The government’s national card payments network said a forensic audit was ordered after banks reported that debit cards of their customers were fraudulently used in China and the US.
Das said that based on the report of RBI and banks, the government would exactly know what happened.
“And as you know, in the cyber world, the trail will always be there and it will be our effort to locate, to sort of trace the exact trail and locate the point of origin of where this has happened, and the government will definitely act on this,” he said.