The Debit Card Data Breach Issue…Reason to Worry!

India’s banking system is dealing with perhaps the worst data security breach that it has ever dealt with. Debit card information of more than 3.2 million cards is said to be compromised.

According to the information released by the finance ministry, the government has asked banks as well as the RBI to furnish information about banks’ preparedness to handle such attacks.

Shaktikanta Das, the Economic Affairs Secretary recently interacted with journalists. She assured the country that the ministry will act swiftly in this matter and make sure that people get a refund for fraudulent charges.

Customers from 19 banks have reported such fraudulent charges. Several nationalized and private banks have blocked debit cards of their customers. They are contacting customers and are urging them to change their debit card PIN number. In some cases, banks have blocked existing cards, and have issued new ones.

Most of the affected customers have reported fraudulent transactions, posted from countries like the US and China. Thus, some banks have disabled international transactions on their customers’ debit cards.  They are asking customers to use their own bank’s ATM as far as possible.

Reports suggest that ATM network management company-Hitachi Payments Services was this malware’s first victim. Card details were probably compromised because of the company’s system that was exposed to malware.

Experts who interacted with reporters suggest that initially, several banks received complaints from customers about their card being used in China even when they never went out of India. But banks treated these complaints as isolated incidents and never looked at these charges from debit card data breach point of view. Banks did not report about these charges to Information Sharing and Analysis Centre on time. The situation was already gone out of hands when they realized that all these charges were part of a systematic fraud spread across several banks.

RBI has stepped in for damage control

The RBI officials recently conducted a meeting with executives from payment network service providers and bank representatives. The regulator has asked banks to not to share any information about the data breach and only the RBI will release communication about the same to avoid confusion. In order to minimize cyberfrauds, the RBI urged banks to beef up cyber security measures. Banks have been notified to keep the RBI updated about cyber security issues that they face on a real-time basis.

RBI’s data indicates that banks have started re-crediting cardholders who had filed complaints about fraudulent charges. They are monitoring unusual transactions, reducing withdrawal limits, and blocking international transactions as well.

The worrying fact is that data for 3.2 million cards has been compromised, but banks have just received 641 complaints from customers in this matter. This means hackers were able to target lesser number of accounts, customers have not yet checked their account for fraudulent charges, or banks have failed to register complaints.  Everyone knows how some arrogant staff members of nationalized banks deal with customer’s complaints.

Keep email and SMS alerts active

Make sure that your bank has your updated phone number and email address. Keep SMS and email alerts active. Read all the transaction related messages during the next few months.

If you are planning to travel and use your debit card abroad, inform your bank about the same and keep bank’s customer helpline number stored in your phone.

In case if you find any unauthorized charge, you should immediately contact your bank and submit your written complaint about the concerned transactions. If you fail to receive a satisfactory answer after your complaint, you can contact the branch manager or escalate your complaint to the regional Banking Ombudsman office via email.  Click here for list of BO’s email address to register your complaints.

Nitten Gokhaley

The author is a consultant journalist; you can follow him on Twitter- @nitten4u