Jump to content

Debit card details of 3.2 million customers stolen in India


Batu69

Recommended Posts

3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit

MUMBAI: Banks in India will either replace or ask users to change the security codes of as many as 3.2 million debit cards in what's emerging as one of the biggest ever breaches of financial data in India, people aware of the matter said. Several victims have reported unauthorised usage from locations in China.

Of the cards, 2.6 million are said to be on the Visa and Master-Card platform and 600,000 on the RuPay platform. The worst-hit of the card-issuing banks are State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank, the people said.

The breach is said to have originated in malware introduced in systems of Hitachi Payment Services, enabling fraudsters to steal information allowing them to steal funds. Hitachi, which provides ATM, point of sale (PoS) and other services, couldn't be reached for comment late Wednesday.

 

3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit


A forensic audit has now been ordered by Payments Council of India on Indian bank servers and systems to detect the origin of frauds that might have hit customer accounts. NPCI Managing Director AP Hota said: "We have received complaints from banks about debit cards being used in China which aroused suspicion."

"Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a whole a forensic audit of the entire network will help us find out where the compromise happened," he said.

HDFC Bank said it had already taken action in the matter a few weeks back. "Besides advising those customers who we know have used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN, we are advising our customers to use only HDFC Bank ATMs as we believe security controls at some of the other bank ATMs may not be at par with HDFC Bank ATMs," a spokesperson said. "We take this opportunity to reiterate that it's always prudent to change ATM PINs from time to time. It prevents misuse."
 
The Times of India had reported on Wednesday that SBI would reissue 600,000 debit cards following a malware-related security breach. SBI has asked customers to change their PIN numbers as well.

"Based on the complaints we have received, we are suspecting a compromise on the non-SBI ATM network which could include various white-label ATM service providers," SBI Chief Information Officer Mrutyunjay Mahapatra told ET.

"Therefore, as a precautionary measure, we have blocked six lakh debit cards. We have assured our customers that there has not been any breach on the ATM network of SBI."

Visa, MasterCard, ICICI Bank, Axis Bank and YES Bank did not respond to queries sent late on Wednesday.

Banks had been receiving multiple complaints from customers about cards being used in China at various ATMs and point of sale terminals. They in turn alerted Visa and MasterCard. A forensic audit is being conducted by Bengaluru-based payment security specialist SISA.

Some sources said the malware infection took about six weeks to detect, compromising transactions that took place during this period. As many as 3.2 million cards were used on the Hitachi network during this time.

 

Article source

Link to comment
Share on other sites


  • Replies 3
  • Views 751
  • Created
  • Last Reply
  • Administrator

That is why I do not really trust using these cards. :P

 

Having said, I'm not sure if the banks have, in any way, contacted the users of these hacked cards. Yes, they have blocked them, yes they will be sending the new ones for free, but, have they let the hacked / blocked cards users know that their card has been hacked / blocked.

 

It's high time banks, on all their devices, change or upgrade their OSes though.

Link to comment
Share on other sites


I don't know about  your specific banks but my bank alerts me the minute a charge is made to my card that isn't 'normal' based on my previous purchases.  The charge is in limbo until I text, email, or call them back verifying who I am and the last three charges made on the card.  Hackers attempted to use that banks card twice since I have had it (thanks to lax security at companies I previously did business with) but were stopped dead in their tracks both times.  Some companies will not even accept a large purchase without first calling the card owner and verifying the order.  I have had that happen with computer purchases. I appreciate that service since my credit card has a $100,000 limit on it.  I even buy my cars with it.  No one in my extended family has had to pay for an airline ticket in the last 15 years.  I buy them with my miles.  People think it is stupid to pay for a $1 cup of coffee at McDonalds with a credit card but the money I have saved in airline tickets and other rewards haven't cost me a penny since companies quit charging a percentage for credit card use in the late 90s.  Once you find a good bank that you can trust and who watches out for  you, then that is the one to put all your marbles in.

Link to comment
Share on other sites


36 minutes ago, straycat19 said:

I don't know about  your specific banks but my bank alerts me the minute a charge is made to my card that isn't 'normal' based on my previous purchases.  The charge is in limbo until I text, email, or call them back verifying who I am and the last three charges made on the card.  Hackers attempted to use that banks card twice since I have had it (thanks to lax security at companies I previously did business with) but were stopped dead in their tracks both times.  Some companies will not even accept a large purchase without first calling the card owner and verifying the order.  I have had that happen with computer purchases. I appreciate that service since my credit card has a $100,000 limit on it.  I even buy my cars with it.  No one in my extended family has had to pay for an airline ticket in the last 15 years.  I buy them with my miles.  People think it is stupid to pay for a $1 cup of coffee at McDonalds with a credit card but the money I have saved in airline tickets and other rewards haven't cost me a penny since companies quit charging a percentage for credit card use in the late 90s.  Once you find a good bank that you can trust and who watches out for  you, then that is the one to put all your marbles in.

My brother has the same kind of alert or verification system for credit card use but it is for every purchase he made an alert will be send that needs verification.

Last month, month of September, he was shocked upon receiving his credit card SOA that a large bill been charged on him from one of the largest fast food chain and a large bill of whatever been ordered that cost him thousands of bucks from the largest coffee store chain that was charged on his account.

He never been a fan of those stores and never went there for almost a year.

What is weird in this case is that none of the alert message system been triggered to inform him of those purchases.

He informed the bank and an investigation been made.

They replaced his credit card the next month, which is this month of October 2016.

Later they inform him that they will not charge him those questionable amounts.

When my brother asked how this happened, they said they were hacked.

We were starting to suspect that the bank have some scrupulous employees.

The lesson we learn from this is DO NOT TRUST their alert or verification system,or whatever they call it.

Always check what is being billed on you on your SOA, do check it thoroughly,

 

Same thing with an ATM (DEBIT) card, a news been shown on TV that a manager of such company has her hundred thousand of savings been stolen from her account.

Withdrawals of huge amount as charges of purchases from clothes shopping stores been made on her account (ATM Debit card).

The stores in the malls has video cams but when she asked for those recordings on those day her card been used, she was told they erased it already and some told her the cams are actually not functioning.

She never once visit or went shopping on those stores.

The bank told her ATM (Debit) card is treated differently from credit card.

They cannot return the money when it is already been withdrawn.

Weird? right? Never put your savings on an ATM (Debit) card!

But, of course, that is a tv news, she could be lying or she might be telling the truth.

 

If you do internet banking, never set it to pay your bills automatically especially for credit card bills, check what is being charge on your account first.

Never put your savings on ATM (Debit) card, transfer only a couple of thousand or a ten of thousands only for grocery or not so large amount shopping.

Never do internet banking on your smartphone!

When that is stolen, your FB, twitter,email accounts/passwords, banking accounts/passwords, will be accessible to the one who will have your device.

Your email accounts used for banking should never be stored in your smartphone! Be smart!

 

 


 

 

 

 

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...