Over 30 lakh debit cards are under threat of having been exposed at ATMs where the card and PIN details might have been leaked. Banks are taking steps to ensure the safety of cards and thwart any potential troubles after a suspected breach of data security of a city-based private sector lender a few months back.
According to bankers, the breach impacted in such a way that anyone using the bank’s ATMs in the region might stand to get affected. Banks are asking customers to change the PINs of their ATM-cum-debit cards, and are also issuing new cards if the customers do not comply with the directive.
The largest lender State Bank of India has already blocked cards as a precautionary measure. “Card network companies NPCI, MasterCard and Visa had informed various banks about a potential risk to some cards owing to a data breach. Accordingly, we have taken precautionary measures and have blocked cards of certain customers identified by the networks,” SBI said in a statement.
“We came to know about the security breach and proactively recalled affected cards as we did not want our customers to be at any risk. There was no breach in our system. We are now issuing EMV-based debit cards which cannot be compromised,” SBI deputy managing director and chief operating officer Manju Agarwal told PTI.
She, however, declined to give the number of debit cards the bank has recalled. SBI has nearly 20 crore debit cards. There were media reports that said SBI had recalled 6.25 lakh debit cards due to malware-related security breach.
SBI further emphasised that its systems are absolutely fine and not compromised at and that existing cardholders are not at any risks. “We are in the process of issuing new cards at no cost to those cardholders whose cards have been blocked. This is a cards industry incident and not an SBI only incident,” an SBI statement said.
As per a report in the Times of India, the problem arose from the feared breach in the systems of Hitachi Payment Services, which manages the ATM network processing for Yes Bank. Though Yes Bank in itself has limited number of ATMs, a ot of third-party transactions are done from its machines.
When asked about alleged lapses on its ATM network, a Yes Bank spokesperson said, “Proactively undertaken a comprehensive audit of ATMs, and there is no evidence of a breach or compromise on ATMs. We continue to work with relevant stakeholders, including other public sector and private banks, and NPCI, to ensure utmost safety and security of ATM network and payment services which are completely safe to use.”
HDFC Bank reportedly asked the customers to change their PINs and has also been asking them not to use any other banks’ ATMs as a precautionary measure.
Bankers have however, claimed that there have been no monetary losses due to the breach and all the measures being taken are to safeguard the system against any potential threat.
The problem was first discovered between May and July, and banks have resorted to recall the affected debit cards from September. “Data processes of one private bank was compromised which affected other banks’ customers well. Customers who used that bank’s ATM stand to get potentially affected,” said another public sector banker.