Here’s what you need to do if you are scared about the recent data breach in ATM cards

Advertisement
Here’s what you need to do if you
are scared about the recent data breach in ATM cards
Advertisement
What happened to India’s debit card fraud is nothing new to the world and for that matter India as well. Each one of us would receive a message from RBI to reset the ATM card pin at least once in a lifetime. In the US, a similar data breach happened at Target, a popular retail chain. It was found that data from up to 40 million credit and debit cards of those who had shopped at Target were stolen by hackers. In most cases, this kind of frauds is committed by people who won’t use the card credentials themselves. Rather they sell the sensitive information to agents who readily buy such data to sell it again to people who would transact.

However in India the game was different. The data breach has happened through ATM cards and was detected by Hitachi Payment Services, which maintains ATMs and point-of-sale terminals. This kind of frauds can happen using an extra "mouthpiece, (ATM skimmer), so that when you slide your card in, it first goes through the criminals' device, which skims your data, and then into the ATM, writes Hitesh Dharmdasani on The Economic Times.

Now we need to wait till the entire analysis is done as in how the fraudulent activity happened. That will only come next month. Meanwhile there is also a malware or a virus that affects ATM machines directly. In India, most cards are accepted by most machines, which is why a single malware can breach data across whole system in the country.

How can this be prevented?
No system can be made foolproof, let alone bank. Dharmdasani says, it has to be a cat-rat race where the banks need to be always ahead before the frauds reach them. For banks listed in the data breach incident recently, it is advised to ask for a new debit card with a new set of pins. This will cost you Rs 100- 300 but your hard-earned money is safe.

Advertisement

From a policy point of view, the ET report says, the government should look at the laws that many countries have for cyber security compliance. If you are accepting information, you need to be held accountable for that. The stringency could depend on the nature of the organisation: whether it's a bank, a healthcare company or a retail establishment. The advantage we in India have is that models that exist abroad have been tried and tested for 10-15 years. We can look at those models and see what fits into our ecosystem.