Seeking to calm worried customers following a reported security breach of over 32 lakh debit cards of various banks, the Finance Ministry said on Thursday that they constitute only a very small number of the total such cards, which are "completely safe".
Only about 0.5 percent of total debit card details were compromised while the remaining 99.5 percent cards are completely safe and bank customers should not panic.GC Murmu, Additional Secretary, Department of Financial Services
There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed RuPay cards while the rest are Visa- and MasterCard-enabled.
Banks Recall ATM Cards
According to reports, the Finance Ministry is monitoring the debit card fraud and cyber security mechanisms. The Ministry had directed all banks to replace the compromised debit cards.
Since the data compromise has taken place from specific ATMs and over a specific time period, it is just a limited issue and banks have asked their affected customers to replace their card or change PIN, Murmu said, adding that other cards are not affected at all.
A Canara Bank message to a customer said:
In view of security reasons... please change the ATM pin immediately. In case not adhered to, we will be blocking the existing cards on 21 October.
Murmu said data of the users who carried out transactions on Hitachi ATMs during the month of May, June and July have been compromised.
The Hitachi ATMs, he added, deployed by many White Label ATM players and Yes Bank were impacted by the malware while other ATMs were completely secure.
Apprehending that this could be a case of card data compromise, all the ATMs / PoS terminals in India and three card networks – RuPay, Visa and MasterCard – worked in a collaborative manner in September.
Possible Compromise at Payment Switch Provider's System
The breach was detected after a few banks received complaints that their customers’ cards were used fraudulently mainly in China and USA while customers were in India, the National Payments Corporation of India (NPCI) said in a statement.
It was established through an analysis that there was a possible compromise at one of the payment switch provider's system. Based on the analysis, the NPCI and other bodies identified the period of compromise and the possible card numbers which could have been compromised during that period.
Though there were no complaints from any of the RuPay cardholders, the NPCI has taken the lead role for taking proactive steps in discussing the matter with various banks and card networks.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)