As reports surfaced of a suspected malware affecting as many 3.2 million debit cards, in what could be India's largest financial data breach, banks have largely denied their systems were affected reassuring customers even as they admitted that a breach had taken place.
The suspected security breach happened through a malware in the systems of Hitachi Payments Services, which serves ATM network of Yes Bank and also some white-label ATMs.
Here's a roundup of what banks and payment services providers have said:
Yes Bank CEO Rana Kapoor has said, "As far as we are concerned, there are no such breaches or compromises... As an abundance of caution we have made sure and checked or double checked (our systems)...I am not an expert in ATMs... but there is a systemic issue. There will be some malwares on and off but there is heightened security. There are ATM models which are outsourced today and they require vigilance, quality and security controls."
State Bank Of India
In an e-mailed statement to HuffPost India SBI said, "Card network companies NPCI, Mastercard and Visa had informed various banks in India about a potential risk to some cards in India owing to a data breach. Accordingly, SBI has taken precautionary measures and have blocked cards of certain customers identified by the networks."
"Card network companies NPCI, Mastercard and Visa had informed various banks in India about a potential risk to some cards in India owing to a data breach. Accordingly, SBI has taken precautionary measures and have blocked cards of certain customers identified by the networks...SBI is in the process of issuing new cards at no cost to the customers whose cards have been blocked. The Cardholders can generate the PIN through SMS/IVRS/internet banking without visiting the branch. Alternatively, the cardholders can collect the physical PIN mailer from their home branch."
The statement added that SBI' systems have not been compromised, but the bank is in the process of issuing new cards to card holders whose cards have been blocked. SBI is reissuing 600,000 debit cards in addition to asking its customer to change their PINs.
"This is a cards industry incident (not only SBI)," the statement added.
In a statement to HuffPost India, Axis Bank said "the breach has occurred in the case of customers who have used certain non Axis Bank ATMs. Over the last few weeks, Axis Bank has proactively reached out to the affected customers and advised them to change their Debit Card PINs. The Axis Bank ATM network is fully secured and customers should ideally use Axis Bank ATMs to change their Debit Card PINs. "
HDFC Bank has said that it took action a few weeks ago.
"Besides advising those customers who we know have used a non-HDFC Bank ATM in the recent past to change (their) ATM PIN, we are advising our customers to use only HDFC Bank ATMs as we believe security controls at some of the other bank ATMs may not be at par with HDFC Bank ATMs," a spokesperson said. "We take this opportunity to reiterate that it's always prudent to change ATM PINs from time to time. It prevents misuse.
ICICI Bank has also advised its customers to change their PIN.
"We are using our real-time fraud monitoring systems to identify and proactively stop any misuse of the cards which may have been impacted by the alleged breach in that bank. We also urge our customers as part of our 'Safe Banking' communication to change their PIN periodically to prevent any misuse."
"We are aware of the data compromise event. To be clear, Mastercard's own systems have not been breached. At Mastercard, safety and security of payments is a top priority for us and we are working on the investigations with the regulators, issuers, acquirers, global and local law enforcement agencies and third party payment networks to assess the current situation."
"Visa does not currently process domestic debit ATM transactions in India, however we are working closely with all networks and our financial institution partners to support with investigations. Payment security is Visa's highest priority and cardholders can play an important part in keeping fraud at bay. Visa encourages cardholders to adopt the following measures: Change your Visa card PIN as soon as possible to prevent unauthorized access to your Visa card account; Contact your Visa card issuing bank immediately if you think your card account may have been compromised. In such instances, your bank can issue a replacement card
Hitachi Payment Services' managing director Loney Antony has said "The interim report published by the audit agency in September, does not suggest any breach compromise in our systems. The final report is expected by mid-November.
Following reports of the hack, Indian's Finance Ministry and central bank Reserve Bank of India have asked the banks to immediately assess and inform about the scale of the damage.
With PTI inputs