11 December 2017
visit www.aciworldwide.com

Indian banks hit by massive ATM breach

20 October 2016  |  10535 views  |  2 Rupees

India's top banks are asking customers to change PIN codes and recalling millions of debit cards following reports of a malware-based security breach at a number of unspecified ATMs across the country.

State Bank of India, HDFC Bank, ICICI Bank, Yes Bank and Axis Bank have all issued advisories concerning the breach, which may impact up to 3.2 million debit cards. Earlier this week, State Bank of India blocked and recalled over 600,000 cards, while other banks have instructed some customers to alter their PINs and avoid using ATMs that are not on their network.

In a statement, SBI says: "Card network companies NPCI, MasterCard and Visa had informed various banks about a potential risk to some cards owing to a data breach. Accordingly, we have taken precautionary measures and have blocked cards of certain customers identified by the networks."

Shiv Kumar Bhasin, SBI's chief technology officer (CTO), told the Times of India newspaper: "A few ATMs have been affected by a malware. When people use their card on infected switches or ATMs, there is a high probability that their data will be compromised."

A P Hota, chief executive of National Payments Corp of India (NPCI) that runs RuPay, told the CNBC TV18 television channel that cards were possibly compromised by suspected security breaches involving as many as 90 ATMs throughout the country. Of the debit cards affected, 2.65 million are on Visa and MasterCard platforms, while 600,000 are on RuPay.

Hota speculates that the infection spread from a compromised gateway switch. Banking industry sources contacted by Reuters pointed the finger at Hitachi Payment Services, which manages ATM network processing for Yes Bank.

Kspersky Lab, which last month informed Axis Bank of a breach of its servers by an offshore hacker, says ATMs are terrifyingly easy to hack. "Looting an ATM is a trivial task, and banks are losing big," says the firm.

Update National Payments Corporation of India says that the PCI Council governing international security standards for card-based transactions is conducting a forensic audit of the payments switch of one bank "which is likely to be the source of the compromise". Cases of illegal withdrawals have so far been limited to 641 customers of 19 banks, and the total amount involved was 13 million rupees ($194,600), according to the statement.

Comments: (2)

A Finextra member
A Finextra member | 20 October, 2016, 13:17

India's regulator has come up with a cyber security framework in June 2016. Today US regulators proposed 'Enhanced Cyber Risk Management Standards' to mitigate cyber risk. US standards propose a comprehensive cyber risk management program encompassing (1) Cyber risk governance (2) Cyber risk management (3) Internal dependency management (4) External dependency management (5) Incident response, cyber resilience and situational awareness.

This concerted action by regulators augurs well to address cyber risk. In view of the frequent cyber incidents, Banks have to fast track adoption of the proposed cyber security frameworks. This would help Banks to prevent or reduce data loss occurrences.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 October, 2016, 19:23

Before the cybersecuristas run wild with doomsday scenarios, there are 697M debit cards in India, so the 3.2M debit cards affected by this breach works out to 0.46%. Hardly a massive breach...

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

India to redefine ATMs as bank branches

India to redefine ATMs as bank branches

12 October 2016  |  6270 views  |  2 comments | 6 tweets | 10 linkedin
UK cops arrest ATM malware suspect in Romania

UK cops arrest ATM malware suspect in Romania

06 October 2016  |  7994 views  |  0 comments | 6 tweets | 3 linkedin
New ATM skimmers steal fingerprints

New ATM skimmers steal fingerprints

28 September 2016  |  9482 views  |  1 comments | 19 tweets | 25 linkedin
Thai police hunt suspects behind $350,000 ATM jackpotting heist

Thai police hunt suspects behind $350,000 ATM jackpotting heist

30 August 2016  |  4354 views  |  0 comments | 3 tweets | 6 linkedin
Hackers hit Oracle Micros POS unit

Hackers hit Oracle Micros POS unit

09 August 2016  |  6635 views  |  0 comments | 6 tweets | 9 linkedin
Yakuza arrested over massive ATM heist

Yakuza arrested over massive ATM heist

04 August 2016  |  4629 views  |  0 comments | 3 tweets | 5 linkedin
Taiwan banks suspend Wincor Nixdorf ATM withdrawals after crooks steal millions

Taiwan banks suspend Wincor Nixdorf ATM withdrawals after crooks steal millions

12 July 2016  |  11537 views  |  1 comments | 12 tweets | 16 linkedin
Malware turns whole ATMs into skimming devices

Malware turns whole ATMs into skimming devices

18 May 2016  |  9684 views  |  4 comments | 15 tweets | 22 linkedin
Number of compromised American ATMs soars - Fico

Number of compromised American ATMs soars - Fico

08 April 2016  |  9141 views  |  0 comments | 7 tweets | 7 linkedin
AmEx warns card members of merchant data breach

AmEx warns card members of merchant data breach

17 March 2016  |  12722 views  |  0 comments | 15 tweets | 7 linkedin
Security experts warn of new breed of bank malware

Security experts warn of new breed of bank malware

09 February 2016  |  12777 views  |  0 comments | 9 tweets | 20 linkedin
Cops break up ATM jackpotting gang

Cops break up ATM jackpotting gang

07 January 2016  |  7570 views  |  0 comments | 2 linkedin
ATM attack vectors on the rise

ATM attack vectors on the rise

27 November 2015  |  7538 views  |  0 comments | 4 tweets | 3 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.aciworldwide.comvisit www.solutions.lexisnexis.comvisit www.atos.net

Top topics

Most viewed Most shared
Revolut lets customers buy Bitcoin, Litecoin and EthereumRevolut lets customers buy Bitcoin, Liteco...
18065 views comments | 26 tweets | 22 linkedin
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
11025 views comments | 7 tweets | 6 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
6625 views comments | 13 tweets | 20 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
6410 views comments | 8 tweets | 17 linkedin
Barclays, First Direct and Nationwide join FCA sandbox cohortBarclays, First Direct and Nationwide join...
5817 views comments | 5 tweets | 12 linkedin

Featured job

to £70K base, £105K ote, benefits
London, UK

Find your next job