Banks want RBI to come up with new debit card norms
DAMAGE CONTROL No cause of alarm, prompt action will be taken, says government
NEW DELHI: With over 3.2 million debit cards compromised in India’s largest banking security breach and most customers not paying heed to advisories asking them to change their passwords and PINs, banks want the Reserve Bank of India (RBI) to come up with new directives in this matter. At present, lenders cannot force customers to change their passwords or PINs at regular intervals.
“The RBI is looking into the issue. Unless the central bank comes up with specific norms, we cannot do much,” a senior official of a large foreign bank said.
Of the 3.2 million, 2.6 million are said to be on the Visa and MasterCard platform, and 600,000 on the RuPay platform.
Meanwhile, the government has asked the RBI and banks to submit a detailed report on the issue, which could take up to a month. “We have sought a report in the debit card issue. The idea is to contain the damage,” finance minister Arun Jaitley said.
According to RBI rules, banks are responsible for security of the debitcardstheyissue. Moreover, a customer will not be liable where fraud or negligence is on the part of the bank or for a thirdparty breach where the customer notifies the bank within three working days of receiving a communication from the bank on any unauthorised transaction.
Estimates from various lenders, including Citibank, ICICI Bank and a few public sector banks suggest that only 10% to 15% of card-holders have changed their personal identification number (PIN). There are over 690 million debit card-holders in the country.
Before the breach of financial data, SBI had sent out an advisory to customers asking them to change their PIN, but only 7% took note,” said GC Murmu, additional secretary, department of financial services.
SBI has now recalled over 600,000 cards.
“We keep sending advisories to customers to change passwords and PIN, but very few follow instructions,” a senior ICICI Bank official told HT.
Between April 2011 and September 2014, banks reported 27,614 credit-card related frauds and 3,835 debit-card related deceptions.
“We have told banks that customers should not put to any inconvenience,” Murmu said, adding that there was no cause for panic. Of the 690 million debit cards, only 600 cards have been affected, he said.
This could come as a big blow to the government and the RBI, both of whom are trying to bring in as many people as possible into the formal banking net.