India’s Big Debit Card Fraud: Beware, This Is Just the Beginning!
Bigger attacks on our digital payment system could happen in the near future. (Photo: Altered by <b>The Quint</b>)
Bigger attacks on our digital payment system could happen in the near future. (Photo: Altered by The Quint)

India’s Big Debit Card Fraud: Beware, This Is Just the Beginning!

Recently, more than 3.2 million debit cards were reported to have been breached into by hackers, and what will concern you the most, is the manner in which the infiltration occurred.

ATM machines serviced and maintained by Hitachi Payment Systems, were compromised by a malware, infecting more than 50 ATMs in the country. This resulted in many account holders of HDFC, ICICI and Axis Bank among others reporting fraudulent money withdrawn from their account.

While this may not have caused a nationwide outcry, it’s hard to deny that the crux of the matter revolves around the current state of digital security. We quickly need to find a fix to safeguard our financial institutions and its supporting cast.

And with India slowly moving to the digital payments arena post demonetisation, cyber experts warn that incidents bigger than this could hit our banks and finances soon.

As scary as it may sound, if by 2018, our ATM machines are still found running on the outdated Windows XP, then we have no one else to blame but us.

70 percent of 2 lakh ATMs in India still run on Microsoft’s Windows XP operating system 
In banks, a breach can happen at multiple levels – like at an ATM, data centre, server network or through mobile banking. The ATM today is an easy target for hackers. 
Anand Ramamoorthy, Managing Director, Intel Security, South Asia

The lack of security at ATMs have been pointed out time and time again by experts of the domain, but we’re yet to see anything materialise that helps users feel confident about their money lying in the banks.

The strength of malware has increased over the past year or two. It is hard to keep a track of how quickly these evolve. This is where banks fail to catch up. 
Nilesh Jain, Country Manager - India and SAARC, Trend Micro 

Who to Blame?

In the case of debit card breach, as this Livemint report points out, Yes Bank ATMs serviced by Hitachi Payment Services have reportedly faced the brunt of the malware breach.

In its defence, Yes Bank had refuted those charges in the same report, but a problem nevertheless has popped up in front of everyone.

Yes Bank ATMs are said to be serviced and maintained by Hitachi Payment Services. The bank is answerable for the issue to the RBI, and hopefully this won’t cause panic situations.
Ethical cyber expert

He feels that an attack on bigger banking institutions cannot be ruled out, especially when people’s money is slowly shifting to digital platforms.

Since the root of attack comes from ATM machines of Yes Bank, the reported number of debit cards breached is 3.2 million. The damage could have been lot bigger 
Ethical cyber expert

He feels that the malware infected on the system could have entered physically by misuse of system, or by gaining remote access to the system.

The cyber attack could have occurred because of an internal compromise. Someone might have opened an email with an attachment that could be the source of the malware. 
Kartik Shinde, Partner, Ernst & Young

Shinde believes that banks need to adopt stringent policies to tackle such attacks. They should focus on doing due-diligence of the parties involved and restrict control of third party companies like Hitachi Payment services.

Globally, we have seen large-scale heists done in the recent past. More than $80 million was stolen from Bangladesh Bank’s hacked computers, wherein payments are made via Society for Worldwide Interbank Financial Telecommunication (SWIFT).

Incidents of heists have happened before, and will continue to occur in the future. With use of mobile devices increasing in the country and Internet of Things (IoT)-linked payments on the horizon, safety measures need to be taken at the earliest.
Kartik Shinde, Partner, Ernst & Young

All of this does sound scary, but with cause for optimism, Shinde and co highlight that banks need to improve its detection and response systems. Doing so, could help them avert a financial disaster that could have its ripple effect globally.

(Participate in the second edition of The Quint's My Report Debate and win Rs 10,000. Write an essay on how to fix India and Pakistan's relationship. Submit now)

Follow our Tech News section for more stories.

    Also Watch