By: Gursahib Singh Buttar
Last week, on Thursday, 20th October 2016, the whole nation faced its biggest
data breach to date, involving the debit card details of nearly 3.2 million card
holders across multiple financial platforms and banks. Of the 3.2 million debit
cards, 2.6 million are powered by Visa or MasterCard and the remaining 600,000
work on India's own RuPay platform. The biggest banks hit by this breach include
State Bank of India (SBI), HDFC Bank, Yes Bank, ICICI Bank and Axis Bank. All of
these banks have reported the breach to the RBI, and the rest have been asked to
check for a breach and report it immediately.
Hackers specifically used malware to compromise the Hitachi Payment Services
platform, which powers the country's ATMs, point-of-sale (PoS) machines and
other financial transactions, in order to steal debit card details. It is not
yet clear who is behind the cyber-attack, but reports have been filed that a
number of affected customers observed unauthorized transactions made with their
cards at various locations in China.
Bank cards that use a magnetic stripe transmit your account number and secret
PIN to merchants, which could make it easy for fraudsters to capture that data
and makes these cards easier to clone. In contrast, banks that issue EMV
(Europay, MasterCard, and Visa) chip-equipped cards (better known as
Chip-and-PIN cards) store your data in encrypted form and only transmit a unique
code (a one-time-use token/password) for every transaction, making these cards
more secure and a lot harder to clone.
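
A simplified model of the difference described above, as an added example that is not part of the original post: an issuer can only compare static stripe data against its records, while a chip code is tied to a transaction counter, so a reused code is declined. It uses HMAC-SHA256 in place of the real EMV cryptogram algorithm, and the `Issuer` class, key and track data are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not real card data.
STATIC_TRACK = "0000111122223333=2512"     # what a magnetic stripe presents on every swipe
CARD_KEY = b"constructed-per-card-secret"  # assumption: secret shared by chip and issuer


def chip_code(key: bytes, counter: int, amount: int) -> str:
    """Per-transaction code: a MAC over a transaction counter and the amount."""
    msg = f"{counter}:{amount}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class Issuer:  # hypothetical issuer-side checks for both card types
    def __init__(self, track: str, key: bytes):
        self.track, self.key = track, key
        self.last_counter = 0  # highest chip counter accepted so far

    def authorize_stripe(self, presented_track: str) -> bool:
        # Static data: the issuer can only compare with the stored value,
        # so a copied stripe is indistinguishable from the genuine card.
        return hmac.compare_digest(presented_track, self.track)

    def authorize_chip(self, counter: int, amount: int, code: str) -> bool:
        # A counter that was already accepted means the code is being reused.
        if counter <= self.last_counter:
            return False
        if not hmac.compare_digest(code, chip_code(self.key, counter, amount)):
            return False
        self.last_counter = counter
        return True


def demo() -> dict:
    issuer = Issuer(STATIC_TRACK, CARD_KEY)
    captured = chip_code(CARD_KEY, 1, 500)  # code observed for one genuine payment
    return {
        "stripe_genuine": issuer.authorize_stripe(STATIC_TRACK),
        "stripe_copy": issuer.authorize_stripe(STATIC_TRACK),  # same bytes, copied
        "chip_genuine": issuer.authorize_chip(1, 500, captured),
        "chip_reused_code": issuer.authorize_chip(1, 500, captured),
        "chip_code_on_new_txn": issuer.authorize_chip(2, 9000, captured),
        "chip_next_genuine": issuer.authorize_chip(2, 700, chip_code(CARD_KEY, 2, 700)),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'approved' if ok else 'declined'}")
```
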
SBI CTO Shiv Kumar Bhasin said: "It's a security breach, but not in our bank's systems.
Many other banks also have this breach—right now and since a long time. A few
ATMs have been affected by malware. When people use their card on infected
switches or ATMs, there is a high probability that their data will be
compromised."
MasterCard also denied that its systems were breached, issuing the following statement:
"We're aware of the data compromise event. To be clear, MasterCard’s own
systems have not been breached. At MasterCard, safety and security of payments
are a top priority for us and we're working on the investigations with the
regulators, issuers, acquirers, global and local law enforcement agencies and
third party payment networks to assess the current situation."
SBI has announced that it will re-issue the 600,000 compromised debit cards free
of cost, which could take up to 3 weeks. Other banks, on the other hand, have
urged their customers to change their ATM PINs and avoid using ATMs of other
banks, along with some other important instructions. You can check these
instructions, published in Hindustan Times.
Meanwhile, the Payments Council of India has
ordered a forensic audit on the Indian bank servers to measure the damage and
investigate the origin of the cyber-attack. Bengaluru-based payment and
security specialist SISA will conduct the forensic audit.
Nicely put together thoughts