Saturday 22 October 2016

Banks recall over 32 lakh debit cards, govt seeks details

The government has taken swift action to contain the damage from the debit card data security breach crisis. It has ordered a probe and directed Reserve Bank and India and affected banks to submit a report on the breach which compromised nearly 3.25 crore debit cards in the country. The government has also assured customers that their stolen money will be returned and there is no need to panic . At a
time when the use of plastic money and online transactions is rising in the country, the banking sector has been confronted with a major challenge. For the first time at such a large scale, data security of nearly 32 lakh debit and credit cards of 19 banks has been breached. After detection of the data breach, banks have either blocked these cards or asked their owners to change their pin numbers.

The crisis was apparently triggered off due to security breach in a payment service provider.

The govt has taken action after its detection urging people not to panic as the data breach has only affected 0.5% of the cardholders in the country.

HOW WAS DATA BREACH DISCOVERED?

• The breach was apparently discovered when banks received complaints from customers in India that their cards have been used fraudulently in foreign countries like China

• Till now 19 banks have informed National Payments Corporation of India of fraudulent withdrawals

• NPCI has oversight over all retail payment systems in the country

• It says so far 631 customers have complained of fraudulent withdrawals amounting to 1.3 crore rupees

ANATOMY OF DATA BREACH

• The NPCI says data security was breached in a payment services' systems using a malware.

Malware is malicious software which in this case was used to steal data from ATMs or bank servers. 

If a customer used any malware affected ATM, his card's data was stolen by the fraudster and misused.

HOW WIDE IS DATA BREACH?

• The breach is not large as the country has a total of nearly 60 crore debit cards

• 19 crore are RuPay cards while the rest as Visa or MasterCard

• Only 32 lakh debit cards have been hit which is a mere 0.5% of the total

WHAT ACTION ARE BANKS TAKING?

• Most cards hit by malware were not chip based

• Banks are replacing non-chip based cards with chip based ones

• RBI has been asked to provide information of all fraud transactions

• And the international agency that fixes standards for data security for cards PCIDSS has ordered a forensic probe into the data security breach

The role of customers is vital in fighting data security theft in banking.

PRECAUTION FOR BANK CUSTOMERS

• They should sign the back of their debit cards

• Change your debit card pin from time to time

• Don't tell anyone your card or pin number

• Hide the keypad while using the ATM

• Stay at the ATM till it gives welcome message after its use

• Don't swipe your card at any suspicious establishment

• Register your card with mobile number & email to get transaction updates

DATA BREACH VICTIMS ACT FAST!

And if you become a victim of data security breach, inform your bank immediately.

RBI has stipulated that banks are responsible for any theft because of data breach.

Customers need to inform their bank within 3 days of the theft. They need to establish that it has taken place without their knowledge or because of carelessness. The bank needs to refund stolen money if data breach is established within 10 working days and the customers' grievance needs to be resolved within 90 days.

No comments:

Post a Comment