Latest


No need to panic, debit cards are safe: Finmin

  •   Thu, Oct 20 2016 09:07:02 PM

New Delhi, Oct 20 (PTI): Seeking to calm worried customers following feared security breach of over 32 lakh debit cards of various banks, Finance Ministry today said they constitute only a small number of the total such cards which are "completely safe", with no need for panic.

"Only about 0.5 per cent of total debit card details were compromised while remaining 99.5 cards are completely safe and bank customers should not panic," Department of Financial Services Additional Secretary G C Murmu told PTI.

There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed RuPay cards while the rest are Visa and Master Card enabled.

Since the data compromise has taken place from specific machine and specific time period, so it is just a limited issue and banks have asked their affected customers to replace their card or change PIN, he said, adding that other cards are not affected at all.

A Canara Bank message to a customer said: "In view of security reasons...Please change the ATM pin immediately. In case not adhered to, we will be blocking the existing card on 21-OCT-2016."

Murmu said data of the users who have transacted from ATM machines of Hitachi have been compromised during the month of May, June and July.

The Hitachi ATMs, he added, deployed by many White Label ATM players and Yes Bank were impacted by the malware while usage at other ATMs were completely secured.

As far as financial loss is concerned, there is minimum impact as reports on losses due to this is being collated.

The genesis of problem was receipt of complaints from few banks that their customer's cards were used fraudulently mainly in China and USA while customers were in India, NPCI said in a statement.

Apprehending that this could be a case of card data compromise, all the ATMs / PoS terminals in India and three card networks – RuPay, Visa and MasterCard worked in a collaborative manner in the month of September 2016.

It was established through the analysis post such frauds were reported that there was a possible compromise at one of the payment switch provider’s system. Based on the analysis, NPCI and other schemes identified the period of compromise and the possible card numbers which could have been compromised during that period.

Though there were no complaints from any of the RuPay cardholders, NPCI as a domestic utility for ATM payments has taken the lead role for proactive steps in discussing the matter with various banks and card networks.

The complaints of fraudulent withdrawals are limited to cards of 19 banks and 641 customers, NPCI statement said, adding that the total amount involved is Rs 1.3 crore as reported by various affected banks.

Cards of all these complainants are related to other card schemes and there is no RuPay cardholder who had lodged any complaint for such fraudulent usage, it said.

Murmu said all the affected banks have been alerted by all card networks that a total card base of about 32.14 lakh could have been possibly compromised. Out of this, 6 lakh are RuPay cards.

"It was suspected that a compromise was at switch level which is PCI-DSS certified. Hence, subsequently PCI Council (the international body which sets standards on for PCI–DSS) was persuaded to conduct a forensic audit of the switch of one bank which is likely to be the point of compromise. The forensic study is in progress and NPCI is in touch with relevant stakeholders," he said.

NPCI is closely working with all stakeholders and once the forensic investigation is over and the root cause is identified, we will issue a further set of recommendations as precautionary measures to member banks, he added.

According to Yes Bank statement, it has proactively undertaken a comprehensive review of its ATMs, and there is no evidence of a breach or compromise on the bank's ATMs.

"We would like to inform that the possible breach of information of debit cards has taken place in the ATM network of another bank. As a precautionary measure, the PINs of debit cards used at the ATMs of that bank have been changed. This has been done in order to protect our customers from any potential fraudulent transaction," ICICI Bank said.

Even HDFC Bank said the bank's systems detected a potential compromise of debit cards arising from usage at a non-home ATM network a few weeks ago.

"We immediately notified customers who we knew had used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN. We take this opportunity to stress that all our customers use HDFC Bank ATMs only and also change ATM PINs from time to time to prevent misuse," the bank said in a statement.
  

Top Stories

Amrita Mysuru: Pioneering future of education with innovation & research

  •   23 hours ago   

Comment on this article

  • Vincent Rodrigues., Frazer Town,Bangalore

    Fri, Oct 21 2016

    This is a money matter and all the customers are panic.Need to take corrective without any delay and details to be furnished to the public giving full statistics of money involved every bankwise

    DisAgree Agree Reply Report Abuse

  • Jossey Saldanha, Mumbai

    Fri, Oct 21 2016

    We have Digital India ...

    DisAgree Agree [4] Reply Report Abuse

  • John, Udupi

    Fri, Oct 21 2016

    Under the BJPeee government, even common people's money is not safe in banks also!!!. If you spend they tax heavily and if you keep in banks they hack our accounts itself and loot us!!!!. Congress was 1000 times better!

    DisAgree [6] Agree [8] Reply Report Abuse


Leave a Comment

Title: No need to panic, debit cards are safe: Finmin



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.

You might also like