An approved forensic auditor is investigating the debit card data breach, the Reserve Bank of India (RBI) said on Monday, as it advised banks to review the extant cyber security arrangements and sought an early implementation of the cyber security framework to minimise the possibility of such incidents.
The central bank on Monday met senior officials from select banks, National Payment Corporation of India (NPCI) and card network operators to review the steps taken by various agencies to contain the fallout of alleged breach of card data.
“It has come to RBI’s notice on September 8, 2016, that details of certain cards issued by a few banks had been possibly compromised at ATMs linked to the ATM Switch of one of the service providers,” the central bank said in a statement, adding that the issue is currently being investigated by an approved forensic auditor, under the PCI-DSS framework.
The regulator urged customers of banks to change the PIN and passwords periodically and to refrain from sharing those with anyone. “Banks do not ask for card or account details from their customers, hence, customers may exercise caution and not reveal such information to any person on phone or email,” the RBI said.
It said that the number of cards misused, as per currently available information, is few. As a matter of abundant precaution, card network operators concerned were earlier advised to share details of cards
used during the period of such exposure.
“Based on this, banks have been taking necessary remedial action to avoid any potential abuse of such cards in future by unscrupulous elements and to protect the interest of their customers. Banks have taken measures including advising customers to change PIN, blocking payments at international locations, reducing withdrawal limits, monitoring unusual patterns, replacing cards and re-crediting accounts of cardholders for amounts wrongly debited,” the RBI explained.
Last week, the National Payments Corporation of India (NPCI) estimated that an amount of Rs 1.3 crore had been lost by Indian customers in what is turning out to be the biggest-ever cyber security breach in the country, putting as many as 3.25 million debit cards at risk.