India’s Big Debit Card Fraud: Beware, This Is Just the Beginning!

With digital payments on the rise, recent attacks on banks and ATMs could be sign of things to come. 

Updated14 Mar 2017, 10:08 AM IST
Tech News
3 min read

Recently, more than 3.2 million debit cards were reported to have been breached into by hackers, and what will concern you the most, is the manner in which the infiltration occurred.

ATM machines serviced and maintained by Hitachi Payment Systems, were compromised by a malware, infecting more than 50 ATMs in the country. This resulted in many account holders of HDFC, ICICI and Axis Bank among others reporting fraudulent money withdrawn from their account.

While this may not have caused a nationwide outcry, it’s hard to deny that the crux of the matter revolves around the current state of digital security. We quickly need to find a fix to safeguard our financial institutions and its supporting cast.

And with India slowly moving to the digital payments arena post demonetisation, cyber experts warn that incidents bigger than this could hit our banks and finances soon.

As scary as it may sound, if by 2018, our ATM machines are still found running on the outdated Windows XP, then we have no one else to blame but us.

70 percent of 2 lakh ATMs in India still run on Microsoft’s Windows XP operating system 
In banks, a breach can happen at multiple levels – like at an ATM, data centre, server network or through mobile banking. The ATM today is an easy target for hackers. 
Anand Ramamoorthy, Managing Director, Intel Security, South Asia

The lack of security at ATMs have been pointed out time and time again by experts of the domain, but we’re yet to see anything materialise that helps users feel confident about their money lying in the banks.

The strength of malware has increased over the past year or two. It is hard to keep a track of how quickly these evolve. This is where banks fail to catch up. 
Nilesh Jain, Country Manager - India and SAARC, Trend Micro 

Who to Blame?

In the case of debit card breach, as this Livemint report points out, Yes Bank ATMs serviced by Hitachi Payment Services have reportedly faced the brunt of the malware breach.

In its defence, Yes Bank had refuted those charges in the same report, but a problem nevertheless has popped up in front of everyone.

Yes Bank ATMs are said to be serviced and maintained by Hitachi Payment Services. The bank is answerable for the issue to the RBI, and hopefully this won’t cause panic situations.
Ethical cyber expert
India’s Big Debit Card Fraud: Beware, This Is Just the Beginning!

He feels that an attack on bigger banking institutions cannot be ruled out, especially when people’s money is slowly shifting to digital platforms.

Since the root of attack comes from ATM machines of Yes Bank, the reported number of debit cards breached is 3.2 million. The damage could have been lot bigger 
Ethical cyber expert

He feels that the malware infected on the system could have entered physically by misuse of system, or by gaining remote access to the system.

The cyber attack could have occurred because of an internal compromise. Someone might have opened an email with an attachment that could be the source of the malware. 
Kartik Shinde, Partner, Ernst & Young

Shinde believes that banks need to adopt stringent policies to tackle such attacks. They should focus on doing due-diligence of the parties involved and restrict control of third party companies like Hitachi Payment services.

Globally, we have seen large-scale heists done in the recent past. More than $80 million was stolen from Bangladesh Bank’s hacked computers, wherein payments are made via Society for Worldwide Interbank Financial Telecommunication (SWIFT).

Incidents of heists have happened before, and will continue to occur in the future. With use of mobile devices increasing in the country and Internet of Things (IoT)-linked payments on the horizon, safety measures need to be taken at the earliest.
Kartik Shinde, Partner, Ernst & Young

All of this does sound scary, but with cause for optimism, Shinde and co highlight that banks need to improve its detection and response systems. Doing so, could help them avert a financial disaster that could have its ripple effect globally.

Liked this story? We'll send you more. Subscribe to The Quint's newsletter and get selected stories delivered to your inbox every day. Click to get started.

The Quint is available on Telegram & WhatsApp too, click to join.

Published: 06 Mar 2017, 02:36 PM IST
Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!