Banks are rebooting security system on a war-footing as hundreds of crores of rupees got exposed in debit card data theft

After being hit by what can be termed as one of India’s biggest ever financial security breaches, Indian banks are rebooting security systems and refunding money to the customers.

Around 3.2 million debit card owners of banks such as State Bank of India (SBI), HDFC, ICICI, YES Bank and Axis Bank were hit after a breach was reported which is said to have originated in malware introduced in systems of Hitachi Payment Services, enabling fraudsters to steal information allowing them to steal funds.

After the breach was reported, SBI had asked their customers to change the PIN numbers of their debit cards as over 6 lakh debit cards were hit.

Axis Bank said some cards have been replaced and many customers have been asked to change their PIN codes. Even ICICI and HDFC Bank have followed suit and informed their customers about the same.

"Banks are currently conducting detailed investigations or assessment of all the transactions where money was lost due to the financial breach," a person with direct knowledge of the matter told ET.

ATMs of certain banks disbursed money on the fraudulent cards and some of these banks which are abroad, mainly in China, have reached out to the Indian banks to reimburse them the money .

"Like someone has used bank A 's debit card to withdraw money from ATM machine of bank B. We will be reimbursing all the customers who have lost their money within a week, and we are talking to other banks to sort out how to reimburse or collect money from them," a banker with one of the banks hit by the breach told ET.

Quite a number of customers do not have their bank accounts linked with their mobile numbers, so it is difficult to alert them of such a possible breach," AP Hota, MD & CEO, NPCI told ET.

Meanwhile, the finance ministry and the Reserve Bank of India (RBI) have sought for a report on how many cards were compromised and the quantum of funds siphoned off.

“There has to be some clarity from the RBI on when and to what extent is the customer liable if he fails to mitigate the damage done. Right now, it is not clear who will eventually take the fall in this case," Nishit Dhruva, Managing Partner, MDP & Partners told ET.
As per various reports, the breach has mainly affected the magnetic strip ATM cards.