The Indian bank has been affected by one of the worst cyber attacks in the history. The Economic Times (ET) has reported that around 3.2 million debit cards have been compromised. The massive financial breach has hit India’s biggest banks including State Bank of India (SBI), HDFC Bank, Yes Bank, ICICI Bank and Axis bank . Customers are advised to change their ATM PIN immediately.
The breach is said to have originated in malware introduced in systems of Hitachi Payment Services, enabling fraudsters to steal information allowing them to steal funds. Hitachi, which provides ATM, point of sale (PoS) and other services.
Around 3.2 million debit cards have been compromised and It is not yet clear who is behind the cyber attack, but the report adds that a number of affected customers have observed unauthorized transactions made by their cards in various locations in China. Out of 3.2 Million debit cards, 2.6 Million are powered by Visa and Mastercard and remaining 600,000 belongs to India’s own RuPay platform.
“We have received complaints from banks about debit cards being used in China which aroused suspicion,” said AP Hota, Managing Director NPCI.
“Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a whole a forensic audit of the entire network will help us find out where the compromise happened” He said.
HDFC Bank said it had already taken action in the matter. “Besides advising those customers who we know have used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN, we are advising our customers to use only HDFC Bank ATMs as we believe security controls at some of the other bank ATMs may not be at par with HDFC Bank ATMs,” a spokesperson said. “We take this opportunity to reiterate that it’s always prudent to change ATM PINs from time to time. It prevents misuse.”
SBI, another affected bank, is doubting the security aspects of non-SBI ATM service providers based on user complaints. The bank has blocked 600,000 cards as a precautionary measure.
“Based on the complaints we have received, we are suspecting a compromise on the non-SBI ATM network which could include various white-label ATM service providers,” SBI Chief Information Officer Mrutyunjay Mahapatra told ET.
Payments Council of India has ordered a forensic audit on the Indian bank servers to measure the damage and investigate the origin of the cyber attack. Bengaluru-based payment and security specialist SISA will conduct the forensic audit.
Source : economictimes