RBI in charge of monitoring debit card data breach
The Reserve Bank of India (RBI) has taken complete charge of the action needed after the reported security breach of data on 3.2 million debit cards. It said so at a review meeting, attended by senior officials of banks, National Payments Corporation of India and card network operators. Lenders were told to not issue any more communication on card misuse, RBI said it would do that.
The Reserve Bank of India (RBI) has taken complete charge of the action needed after the reported security breach of data on 3.2 million debit cards.
It said so at a review meeting it convened, attended by senior officials of banks, National Payments Corporation of India (NPCI) and card network operators. Lenders were told to not issue any more communication on card misuse; RBI said it would do all that. The data breach happened in AugustSeptember. The issue came to RBI’s notice on September 8, it said in a notice on its website, adding the issue was being investigated by an approved forensic auditor, under the PCIDSS (Payment Card Industry Data Security Standard) framework. The central bank again advised banks to review their security arrangements under the cyber security framework. Independently in recent months, RBI was asking banks to step up security to minimise cyber fraud. Banks have so far got complaints from only 641 customers about fraudulent activity. The RBI notification says banks have been taking the necessary remedial action, "including advising customers to change PIN, blocking payments at international locations, reducing the withdrawal limits, monitoring unusual patterns, replacing the cards and re-crediting the accounts of cardholders for amounts wrongly debited”.
It is a good practice to change PINs and passwords periodically, RBI said. Advising the details of cards not be shared with anyone, for any reason, RBI reiterated: “Banks do not ask for card or account details from their customers.”
According to reports, the systems of Hitachi Payment Services were infested with malware that helped miscreants steal personal information and do fraudulent transactions. Hitachi has denied the malware infection took root in its systems. A detailed forensic audit is being conducted by SISA, a payments security specialist, and the results are expected by the first week of next month.
The malware was reportedly found in the processors of Hitachi's central switch, which operates most of YES Bank and some other ATMs owned by non-bank entities.