Massive Indian ATM Hack Hits 3.2 Million Debit Cards Affected
India is undergoing the biggest data breaches to date with as many as 3.2 Million debit card details reportedly stolen from multiple banks and financial platforms.
According to an Economic Times report, the hack may be among the biggest ever financial data breaches in India with several victims reporting unauthorised transactions that have reportedly originated in China.
SBI, HDFC Bank, ICICI Bank, YES Bank and Axis Bank were among the worst hit, according to the report. Of 3.2 Million debit cards about 2.6 million affected cards are reportedly on the Visa and Mastercard platform, while 600,000 are on RuPay.
Hackers allegedly used malware to compromise the Hitachi Payment Services platform — which is used to power country's ATM, point-of-sale (PoS) machines and other financial transactions — and stole details of 3.2 Million debit cards, reports The Economic Times.
Some banks, including the country's biggest lender SBI, have announced that they'll replace compromised debit cards, while others banks, including HDFC Bank, have urged their customers to change their ATM PINs and avoid using ATMs of other banks.
The extent of damage due to breach also depends on the type of cards customers are using.
Cards which use Magnetic Stripe transmit your account number and secret PIN to merchants in a way that it could make easy for fraudsters to hack them, making these cards easier to clone.
Whereas, banks who are using EMV (Europay, MasterCard, and Visa) chip-equipped cards (better known as Chip-and-Pin cards) store your data in encrypted form and only transmit a unique code (one-time-use Token) for every transaction, making these cards more secure and lot harder to clone.
"This is a cards industry incident (not only SBI)," the statement added.
Times of India reported earlier that SBI is reissuing 600,000 debit cards in addition to asking its customer to change their PINs.
A Yes Bank spokesperson told HuffPost India in a statement the bank has "undertaken a comprehensive review of its ATMs" and found no evidence of a breach or compromise on its ATMs.
An Axis Bank spokesman said, "the breach occurred in the case of customers who have used certain non Axis Bank ATMs. "Over the last few weeks, Axis Bank has proactively reached out to the affected customers and advised them to change their Debit Card PINs. The Axis Bank ATM network is fully secured and customers should ideally use Axis Bank ATMs to change their Debit Card PINs."
Payments Council of India has, meanwhile, begun a forensic audit to check into signs of financial fraud into customer accounts. NPCI Managing Director AP Hota told ET that NPCI had received complaints from banks about debit cards being used in China which had aroused suspicion"
HDFC Bank has also reportedly advised its customers to change its ATM pin and only use HDFC ATMs for transactions, as non-HDFC ATMs may not have the security controls at par with its own.
A Mastercard spokesperson said in an e-mailed statement, "We are aware of the data compromise event. To be clear, Mastercard's own systems have not been breached." The statement added it is currently working on the investigations with regulators, issuers, acquirers, global and local law enforcement agencies and third party payment networks to assess the current situation.
Visa has said that while it doesn't currently process domestic debit ATM transactions in India, it is working closely with all networks and its financial institution partners to support with the investigations. It also urged Visa cardholders to report any suspicious activity and change PIN numbers as a precautionary measure.
The breach is said to have originated through a malware that was introduced in the systems of Hitachi Payment Services, a provider of ATMs and Point of Sale services. Hitachi couldn't be reached for comment.
Spokespeople for ICICI, Axis Bank, and HDFC, weren't immediately available for comment.
source: The Economic Times, HuffPost India
According to an Economic Times report, the hack may be among the biggest ever financial data breaches in India with several victims reporting unauthorised transactions that have reportedly originated in China.
SBI, HDFC Bank, ICICI Bank, YES Bank and Axis Bank were among the worst hit, according to the report. Of 3.2 Million debit cards about 2.6 million affected cards are reportedly on the Visa and Mastercard platform, while 600,000 are on RuPay.
Hackers allegedly used malware to compromise the Hitachi Payment Services platform — which is used to power country's ATM, point-of-sale (PoS) machines and other financial transactions — and stole details of 3.2 Million debit cards, reports The Economic Times.
Hacked Debit Cards Reportedly Used in China
It is not yet clear who is behind the cyber attack, but the report adds that a number of affected customers have observed unauthorized transactions made by their cards in various locations in China.Some banks, including the country's biggest lender SBI, have announced that they'll replace compromised debit cards, while others banks, including HDFC Bank, have urged their customers to change their ATM PINs and avoid using ATMs of other banks.
The extent of damage due to breach also depends on the type of cards customers are using.
Cards which use Magnetic Stripe transmit your account number and secret PIN to merchants in a way that it could make easy for fraudsters to hack them, making these cards easier to clone.
Whereas, banks who are using EMV (Europay, MasterCard, and Visa) chip-equipped cards (better known as Chip-and-Pin cards) store your data in encrypted form and only transmit a unique code (one-time-use Token) for every transaction, making these cards more secure and lot harder to clone.
SBI Blocks and will Re-Issue 600,000 Debit Cards
The statement added that SBI' systems have not been compromised, but the bank is in the process of issuing new cards to card holders whose cards have been blocked."This is a cards industry incident (not only SBI)," the statement added.
Times of India reported earlier that SBI is reissuing 600,000 debit cards in addition to asking its customer to change their PINs.
A Yes Bank spokesperson told HuffPost India in a statement the bank has "undertaken a comprehensive review of its ATMs" and found no evidence of a breach or compromise on its ATMs.
An Axis Bank spokesman said, "the breach occurred in the case of customers who have used certain non Axis Bank ATMs. "Over the last few weeks, Axis Bank has proactively reached out to the affected customers and advised them to change their Debit Card PINs. The Axis Bank ATM network is fully secured and customers should ideally use Axis Bank ATMs to change their Debit Card PINs."
Payments Council of India has, meanwhile, begun a forensic audit to check into signs of financial fraud into customer accounts. NPCI Managing Director AP Hota told ET that NPCI had received complaints from banks about debit cards being used in China which had aroused suspicion"
HDFC Bank has also reportedly advised its customers to change its ATM pin and only use HDFC ATMs for transactions, as non-HDFC ATMs may not have the security controls at par with its own.
A Mastercard spokesperson said in an e-mailed statement, "We are aware of the data compromise event. To be clear, Mastercard's own systems have not been breached." The statement added it is currently working on the investigations with regulators, issuers, acquirers, global and local law enforcement agencies and third party payment networks to assess the current situation.
Visa has said that while it doesn't currently process domestic debit ATM transactions in India, it is working closely with all networks and its financial institution partners to support with the investigations. It also urged Visa cardholders to report any suspicious activity and change PIN numbers as a precautionary measure.
The breach is said to have originated through a malware that was introduced in the systems of Hitachi Payment Services, a provider of ATMs and Point of Sale services. Hitachi couldn't be reached for comment.
Spokespeople for ICICI, Axis Bank, and HDFC, weren't immediately available for comment.
source: The Economic Times, HuffPost India
No comments
Post a Comment