Data leak originating bank to face RBI action: Debit card security breach

Oct 28, 2016 | 1:14 pm

Published by | Chandan Singh

security-breach-cyberops-infosec

The RBI (Reserve Bank of India) is likely to take action up against the standard bank from whose ATMs where the leak of customer data took place after the forensic audit is completed.

The regulator also made its displeasure experienced at certain banks which asked its customers to use only the in one facility ATMs and avoid using ATMs of other banking institutions.

The regulator told banking institutions that such advisory creates a wrong impression among the customers and provides a sense that other bank ATMs may be at risk and asked them to desist from such practices.

A senior bank official said, “Banks do whatever they could to protect their customers. Since our company is not in control of other banks’ ATMs, such advisories needed to release. ”

Nearly 45 days and nights after bank customer data got leaked from the ATMs of a leading private bank (Reserve Bank of India) organized a meeting to all bank, leader officers of Visa, MasterCard and the NPCI to plug the loopholes in the digital infrastructure banks have arranged in place.

It asked banks to confirm with its cyber security requirements issued on June 2, 2016. Additionally, they asked banking institutions to immediately report the loss of data or frauds that happen at their end.

The central bank said in a release, “It has come to the Reserve Bank’s notice on September 8, 2016, that details of certain cards issued by a few banks have been possibly compromised at ATMs linked to the CREDIT Switch of just one of the service providers. The problem is currently being looked into by an approved forensic auditor”.

It also said that the “number of cards misused, in accordance with currently available information, is few. As a matter of abundant safety measure, card network operators worried were earlier advised to talk about the details of cards used during the period of such exposure”.

According to data collated by banking institutions, about 3. 2 million cards were impacted and about Rs 1.25 crore were lost after the date on the debit cards were affected at the beginning of September. The issue arrived in light when customers complained to banks that their debit cards were being swiped in America and China when these were in India. Based on the client complaints, banks started out to deliver a group of select customers texted emails asking them to change their ATM pin figures. Some of the banking institutions like YES Bank reduced the daily withdrawal balance of their customers until the new PIN figures were created.

Banks required measures including advising the shoppers to change PIN, stopping payments at international locations, reducing the withdrawal limitations, monitoring unusual patterns, changing the cards and re-crediting the accounts of consumers for amounts wrongly debited.

The Reserve Bank of India on Monday urged the cardholding financial institution customers to improve the PIN NUMBER and passwords periodically and not to share this anyone for any reason. Banks, it said, will not request card or account details from their customers, hence, customers may exercise caution and never uncover such information to the person on phone or email. The RBI informed banks to set up their cyber security steps and strengthen it from time to time.

Source: DNAIndia