Have you received an alert from your bank recently urging you to change your ATM PIN ?
Turns out a massive debit card hack has reportedly hit major Indian banks such as HDFC Bank, ICICI Bank, Yes Bank, Axis Bank and SBI, compromising as many as 3.2 million debit cards.
According to reports, the hack may be among the biggest ever financial data breaches in India with several victims reporting unauthorised transactions that have reportedly originated in China.
SBI, HDFC Bank, ICICI Bank, YES Bank and Axis Bank were among the worst hit, according to the report.
About 2.6 million affected cards are reportedly on the Visa and Mastercard platform, while 600,000 are on RuPay.
The breach is said to have originated in malware introduced in systems of Hitachi Payment Services, enabling fraudsters to steal information allowing them to steal funds. Hitachi, which provides ATM, point of sale (PoS) and other services, couldn’t be reached for comment late Wednesday.
A forensic audit has now been ordered by Payments Council of India on Indian bank servers and systems to detect the origin of frauds that might have hit customer accounts.
NPCI (National Payments Corporation of India) Managing Director AP Hota said :
We have received complaints from banks about debit cards being used in China which aroused suspicion. Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a whole a forensic audit of the entire network will help us find out where the compromise happened.
State Bank of India has said it has blocked and will replace 6,25,000 debit cards.
Mr Kumar said the concern was that if hackers have access to card numbers and passwords it could be misused for e-commerce transactions or fund transfers. New cards would reach SBI customers soon, he said.
Banks had been receiving multiple complaints from customers about cards being used in China at various ATMs and point of sale terminals. They in turn alerted Visa and MasterCard. A forensic audit is being conducted by Bengaluru-based payment security specialist SISA.