32 lakh debit cards issued by various banks are compromised in what is turning out to be the biggest financial breach in India so far. The cards are being replaced, or banks are asking the affected customers to change their pins, according to a report in the Economic Times. The Reserve Bank of India has asked banks to replace 17.5 lakh compromised debit cards, according to a report in The Hindu.
The breach was apparently in the payment system of Hitachi Payment Services. Hackers introduced a malware in the system that compromised the data of users after withdrawal from some ATMs. Hitachi is one of the largest providers in India for point of sale services, ATM withdrawals and mobile transactions.
Suspicious transactions originating in China triggered an ongoing security audit across banks. The malware was apparently active for over six weeks before being detected. The media reports have little or no information on the location and spread of the compromised ATMs. Users who are affected are being directly contacted by the banks.
SBI, HDFC and Bank of Baroda have already initiated the process of replacing the cards of the affected customers. SBI, the largest lender in the country, is replacing 6 lakh compromised cards. HDFC has silently contacted its customers weeks before the breach went public, advising customers to use only HDFC bank ATMs. Out of the 32 lakh compromised cards, 26 lakh are from the Visa and Mastercard platform, while 600,000 are from the Rupay platform.
Replacing the cards is not strictly necessary, as the systems in the banks themselves were not compromised. It is an additional step, for extra security. Customers can safely continue to use their cards with a changed pin. One of the easy steps consumers can take to prevent misuse is to frequently change the PIN numbers.