Millions at risk from India ATM hack
Most of the affected cards belong to HDFC Bank, ICICI Bank, State Bank of India (SBI) and Yes Bank. The malware potentially means unauthorised individuals can get access to the data on debit cards – with Visa, MasterCard and RuPay the primary concerns.
The banks have reacted, with some offering to replace the compromised cards, while others, such as HDFC, simply recommend a PIN change.
SBI says it will re-issue over 600,000 debit cards at “no cost” and adds that the issue is a “security breach, but not in our bank’s systems”.
MasterCard also made some noise and says its “own systems have not been breached”. It is also “working on the investigations with the regulators, issuers, acquirers, global and local law enforcement agencies and third party payment networks to assess the current situation”.
Abhaya Prasad Hota, MD and CEO at the National Payments Council of India (NPCI), says it has “received complaints from banks about debit cards being used in China, which aroused suspicion”. NPCI has started a forensic audit on its bank servers.
Last month, Axis Bank, which was the first in India to pilot the RuPay EMV contactless smart card, reported a breach to the Reserve Bank of India (RBI) after its server was attacked by an “offshore hacker”. There were no reports of customers being affected, and the bank is investigating if the malware is still in its system.
According to the RBI, as of July, Indian banks had issued 697 million debit cards