In one of the biggest card replacements in Indian banking, SBI (State Bank of India) reports that it will re-issue around six lakh debit cards to customers, which have been blocked following a malware-related security breach in a non-SBI ATM network.
“It’s a security infringement, but not within our banks’ systems. Many other banking institutions also have this infringement — right now and since quite a long time, ” Shiv Kumar Bhasin, SBI’s CTO (Chief technology officer), informed Times of India, adding that customers who used their Debit cards only at SBI-run ATMs have not been afflicted by this. “A few ATMs have been afflicted by a malware. Once people use their cards on infected switches or ATMs, there exists a high possibility that their data will be compromised, ” Bhasin said.
Several customers of the bank have found their ATM cards to be blocked. SBI has informed branches about the cards being blocked and fresh cards would be issued to customers. “Customers need not panic. They will can either approach their branch, contact phone bank or search on the internet for ‘re-carding’. They can also arranged their PINs using their homes using internet banking,” Bhasin said.
A month ago, Yes Bank experienced confirmed that its ATM network manager Hitachi Obligations was reviewing its network to rule out any compromise. Hitachi had started a detailed audit of their systems through a certified agency SISA. “Preliminary reports of the review conducted have been posted and the report will not establish any system-level breach at Hitachi Repayment Services, ” the lender said.
At present, the RBI does not require banks to report to the public any security breach in their network. “Banks whose ATMs have been infected must come forward and declare those infected ATMs. The responsibility is on them to halt this, ” Bhasin said, without naming the banking institutions. He added that until the condition is addressed customers who use their cards in the ATMs of afflicted banks will continue to be at risk.
A branch manager in Pune confirmed that the lender has blocked a few of its customers’ credit cards. She also said that the financial institution has sent SMSs to customers informing them that their card was blocked. However, afflicted customers were largely clueless about this development. “I experienced come to Delhi, from Punjab, on Monday and uncovered my card was not functioning. Once I called the bank, they said Let me have to come to Mumbai [my home branch] and re-apply, or copy my account to Delhi — which will take a fortnight — and then the new cards would arrive in several days, ” said Ankur Jaiswal, a researcher and SBI account holder.
Nidhi, a teacher, was also caught unawares on Sunday when she swiped her card at a service provider in Delhi. “I then tried using my cards at other bank’s ATMs and it (still) would not function. My spouse and me approached my branch later, they told me to re-apply, and that it (blocking of the cards) is occurring countrywide”, she said.
According to numbers on RBI website, as on July 2016, there were 20.27 crore active free electronic cards from SBI. In the same time, SBI’s associate banks had a total of 4.75 crore active debit card. The cards that were affected, and subsequently blacklisted, comprise about 0.25% of this.