Debit card fraud: Time to hasten plans to upgrade ATMs in India
Over 3.2 million debit cards of consumers have been compromised and `1.3 crore have so far been fraudulently withdrawn through such cards — as information pertaining to the biggest ever data breach in the Indian banking system slowly trickles in, the statistics are enough to shake the confidence of consumers in the use of the cards.
In fact this could not have happened at a more inappropriate time. With Diwali barely a week away, the debit card is the most important commodity in the consumer’s pocket — whether to withdraw cash from an ATM or to make purchases. However, the debit card security breach has put a big question mark over the safety of the card usage and made consumers highly wary of deploying it. In fact I would not be surprised if banks find more customers walking into their branches to encash cheques, instead of withdrawing money from the ATM.
This is not the first time that debit cards have been compromised and fraudulently used in other countries. I have in these columns in the past referred to several such cases, on the basis of reader complaints. In all of them, the modus operandi was the same — the card was used in a different time zone — mostly in North America and sometimes in Dubai and the customers would get the usage alert on their cell phones in the middle of the night while they slept and the banks would invariably blame the customers for it and neither investigate nor refund the amount fraudulently used for purchases abroad.
This time of course, it’s happened on a large scale, forcing the banks to take note. However even here, the delay on the part
In the first approach — fourth of the flight — in Thiruvananthapuram, the pilots again did a go-around. With just 1,324kg fuel left, they declared “May Day”. After the fifth and sixth attempts, fuel was down to 898kg and 662kg.
“The aircraft took a 180-degree turn at very low height setting off the alarms,” said an official.
“The manoeuvre activated the enhanced ground proximity warning system (EGPWS), which warned repeatedly, ‘Terrain, terrain pull up’,” the report says.
But the captain continued the approach, ignoring all warnings and no visual contact of the runway, to finally land on the seventh attempt. An absence of company policy on how many approaches a pilot is allowed in inclement weather caused the incident, the report says.
A Jet Airways spokesperson said: “While the airline took all possible measures, including adequate fuel, inclement weather created a situation which demanded that the pilots apply all their skills and training to ensure a safe landing.” of the banks in investigating into the complaints of customers and identifying the security breach has proved costly for the customers.
And worse, even today, the banks are not prepared to come together, come clean and give their customers the complete information, the correct picture. While some banks have blocked the compromised cards of their customers, some have asked them to change the Personal Identification Numbers (PIN) of their cards, some have advised their customers not to use the ATMs of other banks, some have promised to replace the cards, yet others are completely silent on the issue.
All this has not only added to the confusion, but also created a fear psychosis in the minds of consumers — which ATM is safe? Which is not? Should one avoid using the ATMs of other banks? Is it necessary to change the PIN? Would it be better to ask for a new card?
This is indeed a testing time for the banking industry and the banking regulator has to step in and take certain urgent measures, including communicating with the bank customers, to restore their confidence in the use of debit cards and ATMs.
Which are the banks whose servers were attacked by malware? Which ATMs are safe and which are not? Are cards used in the ATMs of certain banks vulnerable? If so which are these ATMs and what was the period when these ATMs were infected with the virus? Have banks now put in place security systems against such cyber attacks? Consumers need clear answers and it is the duty of the regulator to provide it.
In view of what has happened, it might also be a good idea for the regulator to advance the date for upgrading of ATMs in the country, so that all banks issue only EMV Chip and PIN based debit cards and all ATMs are enabled to process them. In its communication dated May 26 this year, the RBI had given banks time till September 30, 2017, to do so.
THIS IS INDEED A TESTING TIME FOR THE BANKING INDUSTRY AND THE BANKING REGULATOR HAS TO STEP IN AND TAKE CERTAIN URGENT MEASURES, INCLUDING COMMUNICATING WITH THE BANK CUSTOMERS, TO RESTORE THEIR CONFIDENCE