MUMBAI: Close to 30 lakh debit cards are
understood to have been used in ATMs that are suspected to have exposed card and
PIN details to malware at the back
end.
While State Bank of India+ (SBI) has decided to
reissue debit cards to six lakh customers who had used their cards at suspect
networks, other banks are asking customers to change their ATM PIN. They are
also blocking international transactions that can be conducted without
PIN.
The problem relates to the feared breach in the
systems of Hitachi Payment Services, which manages the ATM network processing
for Yes Bank. The matter came to light around July. The private bank maintained
that no compromise had been detected in its ATM network and that the measures
were proactive.
The reason why a large number of banks are
impacted is that Yes Bank, despite having a small number of ATMs, sees a large
number of third-party transactions on its machines.
Yes Bank has undertaken a review of its ATMs,
and there is no evidence of a breach or compromise. Yes Bank continues to work
with relevant stakeholders, including other public sector and private banks, and
NPCI (National Payments Corporation of India), to ensure utmost safety and
security of its ATM network and payment services which are completely safe to
use," it said.
"The affected systems were quarantined and
inspected and the cards that were exposed have been identified and each bank has
taken action according to its risk management practices," said a regulatory
source. The incident has also compelled RBI to review its reporting framework
and it has asked banks to immediately inform the central bank of any suspected
fraud. The information would be shared with other banks on 'no-name' basis so
that proactive measures can be taken by the industry.
The recent incident also highlights new
security challenges for banks. Until now, ATM related thefts were largely a
fallout of fraudsters installing skimmers on machines or placing hidden cameras
to capture PIN. The fact that neither the regulator nor the affected bank have
released details of the malware has led to speculation. Some industry experts
said that given the scale of card reissuance by SBI, it looks like a malware had
access to the HSM (hardware security module) card which receives card
information and PIN.
Loney Antony, MD, Hitachi Payment Services,
said "Prima facie the system does not appear to be compromised but I cannot
comment until the final report is issued. I do not think it is necessary for any
bank to reissue cards. Many banks have asked customers to change their PIN
number, but this is a general practice to get customers to keep changing their
password," said Antony.
While the number of affected cards is large, it
is a small fraction (less than half a percent) of the total number of cards in
the country. As per numbers reported by RBI there are 60 crore debit cards in
the country.
Source :The Times of India
No comments:
Post a Comment