New Delhi: The Finance Ministry has asked various agencies, including the Reserve Bank of India, which are looking into the largest banking security breach involving over 32 lakh debit cards to submit their report in 10 days.
“We expect result of the technical enquiry in the next 8-10 days. This will give us exact picture of the entire incidence. It will give us lead as to where hacking or compromise took place,” Finance Ministry sources said.
Earlier this week, Finance Minister Arun Jaitley had said the government asked the RBI and banks to provide details of the data breach and also banks’ preparedness to deal with cyber crimes. As many as 32.14 lakh debit cards of various public and private sector banks are feared to have been compromised by a cyber malware attack in some ATM systems.
Several banks, including state-owned SBI, have recalled a number of cards while many others blocked the ones suspected to have been compromised and asked their customers to change PIN (personal identification number) before use.
Fraudulent withdrawals have been reported from 19 banks so far while complaints have been received from a few banks that their customers’ cards were used fraudulently abroad, mainly in China and the US while the customers were in India. According to the National Payments Corporation of India, as many as 641 customers across 19 banks have been duped of Rs. 1.3 crore using stolen debit card data.
There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed by RuPay while the rest are Visa- and Master Card-enabled. Of the debit cards affected, about 26.5 lakh are on Visa and MasterCard platforms while 6,00,000 are on RuPay. The breach reportedly involved some 90 ATMs.
The Hitachi ATMs deployed by many white label ATM players and Yes Bank were impacted by the malware while usage at other ATMs were completely secured.
While Visa and MasterCard have in separate statements stated that their own networks had not been compromised, Hitachi subsidiary Hitachi Payment Services, which manages some of the ATM network processing, was investigating the matter, including whether there was a malware problem.