Card data breach: Govt promises prompt action

card-data-breach-govt-promises-prompt-actionNEW DELHI: With over 32 lakh debit cards compromised in India’s largest banking security breach, the government on Friday went into damage control mode, assuring customers that there is no cause for alarm and prompt action will be taken.

Finance Minister Arun Jaitley asked RBI and banks to submit a report on the issue.

According to the National Payments Corporation of India, as many as 641 customers across 19 banks have been duped of Rs 1.3 crore using stolen debit card data.

The government asked regulator Reserve Bank of India (RBI) as well as banks to provide details of the data breach and also preparedness to deal with cyber crimes.

“Have sought a report in the debit card issue. The idea is to contain the damage,” Jaitley told reporters here.

Department of Economic Affairs Secretary Shaktikanta Das said a report has been sought on all aspects.

“There is no cause for alarm, the integrity of IT system of banks is robust and whatever action is required, the government will take promptly,” he told reporters here.

The government, he said, is seized of the matter and reports have been called from RBI and banks to know what exactly has happened.

A preliminary input “sort of report” has already come in and the government is awaiting further details from the final report, he said.

“After getting the report… whatever action is required, necessary action will be taken by the government,” he said.

Earlier, speaking on sidelines of a German government event, Das said, “Customers should not panic because these hackings are done through computer and trail can easily be reached… they should not be alarmed. Whatever action has to be taken, it will be done with speed.”

Of the debit cards affected, about 26.5 lakh are on Visa and MasterCard platforms while 6,00,000 are on RuPay. The breach reportedly involved some 90 ATMs.

While Visa and MasterCard, in separate statements, have stated that their own networks had not been compromised, Hitachi subsidiary Hitachi Payment Services, which manages some of the ATM network processing, was investigating the matter, including whether there was a malware problem. MORE PTI JD
Das said that based on the report of RBI and banks, the government would exactly know what happened.

“And as you know, in the cyber world, the trail will always be there and it will be our effort to locate, to sort of trace the exact trail and locate the point of origin of where this has happened, and the government will definitely act on this,” he said.

Stating that cyber security is of utmost importance, he said the matter of cyber security was discussed in detail at the RBI board meeting four months ago.

Instructions were given to the banks to strengthen and tighten the firewall with regard to cyber security and protection of their systems, he said, adding that banks have taken a number of steps in this regard.

The issue, he said, was important from the point of view of financial stability as well.

“After getting the report, perhaps it will also be discussed at the FSDC meeting to review the matter comprehensively and give directions to all the banks, public and private sectors, and some other financial institutions to take action,” Das said.

Several banks, including state-owned SBI, have recalled a number of cards, while many others blocked the ones suspected to have been compromised and asked their customers to change PIN (personal identification number) before use.

There are some 60 crore debit cards operational in India, of which 19 crore are indigenously-developed RuPay ones while the rest are Visa and Master Card-enabled.

Fraudulent withdrawals have been reported from 19 banks so far while complaints have been received from a few banks that their customers’ cards were used fraudulently abroad, mainly in China and the US while the customers were in India.

SBI is said to have recalled around 6 lakh cards while others like Bank of Baroda, IDBI Bank, Central Bank and Andhra Bank have replaced debit cards of several customers as a pre-emptive measure.

Among private sector players, ICICI Bank, HDFC Bank and Yes Bank have asked customers to change their ATM PINs. HDFC Bank also advised its customers to use its own ATMs for carrying out any transaction.

The suspected security breach happened through a malware in the systems of Hitachi Payments Services, which serves ATM network of Yes Bank and also some white-label ATMs.–PTI