Biggest Debit Card Scam, multiple banks hit by Cyber attacks, 3.2 million debit cards compromised in India

If you use a debit card, you should read this news. One of the biggest ever breaches of financial data in India has come to light in recent days: banks have admitted being hit by cyber attacks, which forced them to either replace, or ask users to change the security codes of, as many as 3.2 million debit cards over the last two months. Of the cards, 2.6 million are said to be on the Visa and MasterCard platforms and 600,000 on the RuPay platform. The worst-hit of the card-issuing banks are State Bank of India, HDFC, ICICI Bank, YES Bank and Axis Bank. What is behind the security breach? Read the complete report here.

According to sources, a virus or malware infection at Hitachi Payments Services led to over 32 lakh debit cards in India being compromised. Hitachi is one of the companies that operate ATMs in India. The compromised debit cards were used in ATMs that are suspected to have exposed details of the cards to the malware.

How exactly does the malware work?

Malware is malicious software, including viruses, worms, trojans, ransomware, spyware and other programmes, that damages computer systems at ATMs or bank servers and allows fraudsters to access confidential debit card data. In this case, swiping a card at an allegedly compromised ATM allowed the data on the card to be transmitted to the fraudsters, who then misused it for fraudulent transactions.

A forensic audit of Indian bank servers and systems has now been ordered by the Payments Council of India to detect the origin of frauds that might have hit customer accounts. NPCI Managing Director AP Hota said: “We have received complaints from banks about debit cards being used in China which aroused suspicion.”

“Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a forensic audit of the entire network will help us find out where the compromise happened,” he said.

HDFC Bank said it had already taken action on the matter a few weeks back. “Besides advising those customers who we know have used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN, we are advising our customers to use only HDFC Bank ATMs as we believe security controls at some of the other bank ATMs may not be at par with HDFC Bank ATMs,” a spokesperson said. “We take this opportunity to reiterate that it’s always prudent to change ATM PINs from time to time. It prevents misuse.”

According to a source, it was reported on Wednesday that SBI would reissue 600,000 debit cards following a malware-related security breach. SBI has asked customers to change their PINs as well. “Based on the complaints we have received, we are suspecting a compromise on the non-SBI ATM network which could include various white-label ATM service providers,” SBI Chief Information Officer Mrutyunjay Mahapatra said. He added, “Therefore, as a precautionary measure, we have blocked six lakh debit cards. We have assured our customers that there has not been any breach on the ATM network of SBI.”

Banks had been receiving multiple complaints from customers about cards being used in China at various ATMs and point of sale terminals. They, in turn, alerted Visa and MasterCard. A forensic audit is being conducted by Bangalore-based payment security specialist SISA.

Some sources said the malware infection took about six weeks to detect, compromising transactions that took place during this period. As many as 3.2 million cards were used on the Hitachi network during this time.

How to keep your financial data from being stolen?

Most banks have issued these advisories to customers:

* Change your card PIN

* Do not use other banks’ ATMs

* Do not share your PIN; keep it a secret

* Do not give your debit card PIN to anyone over the phone

Recourse for those affected?

Immediately replace your debit or ATM card. Banks will not return the money customers have lost, as this is not a transactional error on the bank’s side but the result of ATM malware. The NPCI says the loss to customers is minuscule, and they are looking at recourse measures.


