The banking sector has received an almighty scare with a suspected security breach which has resulted in over 32 lakh debit cards getting ‘tainted’. It means that unauthorized parties may have gained access to confidential data embedded in such cards issued by various public and private banks. Till now, around 19 affected banks are yet to come out with details about any data or money losses their account-holders may have suffered. The Department of Economic Affairs (DEA) has now said a probe is underway to get to the bottom of this crisis, while the Union Finance Ministry has asked banks to submit detailed reports about the potential data theft. For government servants and pensioners, it is worrisome indeed that State Bank of India, the country’s largest public bank, has been the hardest hit — reportedly forced to block over six lakh debit cards of account holders and re-issue fresh ones. The SBI has assured that its move is purely pre-emptive to protect account holders, and that the security breach due to a suspected malware attack was detected in a non-SBI ATM network. But banks like HDFC and ICICI too are claiming that their systems have not been compromised. The suspected breach through malware infection is reported to have begun in the system of Hitachi Payment Services which services ATMs of some banks, though the group has denied it stoutly. Third parties like Hitachi Payment Services, FSS and CMS play a key role in the ATM network, for they provide the ‘switch’ or ‘payment transfer engine’ that allows the ATM software to connect to interbank networks, which in turn link up to bank servers to relay data and cash. The problem has been brewing since September before the National Payments Corporation of India (NPCI), the umbrella body of all retail payment systems in the country, blew the whistle when it said that over 600 customers of various banks have reported fraudulent transactions totaling Rs 1.3 crore.
It is being said that two-thirds of the tainted cards are MasterCard or Visa, and the rest are RuPay.
This biggest ever security breach brings to the fore how vital cyber security is in a country dreaming of going completely digital, where the government is pushing for financial inclusion and direct transfer of subsidies and monetary assistance to beneficiaries, where business and finance increasingly swear by cashless transactions. The Department of Financial Services has now assured that out of an estimated 70 crore debit cards operational in the country, data of only 0.5 percent of cards has been compromised. But that is small comfort when various banks share their ATM networks and customers use these debit cards to make payments electronically at airports, hotels, shopping malls and other business establishments. When merely swiping the debit card at any such machine can allow unauthorized access to confidential data, what is the guarantee that one’s salary or savings account will not be cleaned out in a jiffy? In a three-year period from April 2011 to September 2014, various banks reported frauds in over 3,800 debit cards and 27,600 credit cards. There have been frequent reports of cyber crooks defrauding customers of their bank deposits by posing as bank officials and calling them up, threatening to block their debit cards and forcing them to reveal card details like PINs. Banks are now advising their customers to take precautions like ignoring suspect phone calls, regularly reviewing account statements and reporting any unusual transactions, changing their passwords and personal identification numbers (PIN), avoiding using other banks’ ATMs, and going for online banking. Experts are meanwhile calling upon banks to review and upgrade their IT systems by adopting multiple-level authentication, installing stronger firewalls and updated anti-virus software, and using only a fixed number of software programs at their ATMs. They are also suggesting that switch-providing third parties should now be brought under the country’s supervision framework.
The Reserve Bank has indicated it will issue new directives by November, which won’t be a day too soon to provide digital financial transactions an acceptable level of security. All precautions need to be taken up on a war footing, else the entire electronic banking and payment system will risk losing the confidence of customers.