The National Payment Corporation of India (NPCI), an umbrella organization for all retail payments system in India, said on Thursday that there are as many as 19 banks that have reported the fraudulent withdrawal from debit cards.
The total amount involved is Rs 1.3 crore as reported by various affected banks to NPCI. Cards of all these complainants are related to other card schemes. There is no RuPay cardholder who had lodged any complaint for such fraudulent usage," says A P Hota, MD & CEO, NPCI in a statement.
The problem of fraudulent transaction came to light when few banks reported the matter to NPCI that customer's cards were used falsely mainly in China and US while customers were based in India. Realizing that this could be a case of card data compromise, the ATM providers, POS terminal operators and three card networks - Visa, Master Card and RuPay - worked together to find out the data compromise.
NPCI's Hota says that the necessary corrective actions already have been taken and hence there is no reason for bank customers to panic.
There are many layers where a data compromise could happen. In a card transaction, there are merchant acquirers, banks, non bank ATMs, the ATM providers, card processors etc. In the present case, the suspicion is on a third party players which manages ATM for a private bank. A K Viswanathan, partner at Deloitte India says, "this incident along with Feb 2016 swift security breach clearly demonstrates the weakness in the system and that one does not have to compromise a bank's network or data to impact on the entire eco-system."
Currently, the big banks like SBI and ICICI are claiming that the possible breach of information of debit cards has taken place in the ATM network of another bank. There is no clarity or a fix where exactly the breach has taken place as there are so many layers where it could have happened.
Viswanathan adds that this is an awakening call and lays down an imperative for banks to rethink their cyber security strategy and adopt stringent cyber security practices within every aspect of their operations.
As a precautionary measures, all the banks have advised their customers to change the PIN number. "This has been done in order to protect our customers from any potential fraudulent transaction," says a ICICI Bank spokesperson.