Mindful of the threat posed by the biggest-ever cyber security breach that hit 32 lakh debit cards recently, the Centre has decided to set up a committee to look into the overall security systems at payment channels to protect banks from future cyber attacks.
The committee would consist of representatives from Indian Computer Emergency Response Team (CERT-In), the National Payments Corporation of India (NPCI), banks and department of information technology, among others. “They have to see where security breach could happen,” an official told FE.
While the last incident occurred at the payment switches of two banks, the committee would look into whether the banking system is foolproof and suggest steps that can be taken to secure data, the official said.
A top cyber security official from the department of information technology would head the panel.
The government’s top cyber security arm, CERT-In, an arm of the department of information technology, would play a key role in this. In 2015, CERT-In handled 49,455 incidents, including website intrusion and malware propagation, malicious code, phishing, distributed denial of service attacks, website defacements and unauthorised scanning activities.
The government move is aimed at further ramping up cyber security. This is in addition to an ongoing forensic investigation by US-based Payment Card Industry Data Security Standard (PCI DSS) into the latest debit card fraud in India. PCI DSS is expected to submit its report shortly to Indian authorities. After examining the findings of the report, Indian banks would be asked to take corrective measures.
NPCI has estimated that Rs 1.3 crore had been lost by Indian customers in the debit card fraud, prompting banks to replace lakhs of debit cards or change ATM PIN.
Data across cards are believed to have been stolen from the ATM of an Indian private sector bank that is serviced by Hitachi Payment Services. Of the debit cards affected, 26.5 lakh are on Visa and Mastercard platforms, while six lakh are on RuPay. A public sector bank was also using the Hitachi Payment Services in a limited way. The corrective actions by banks could include replacing the particular payment switches that are at the centre of the security breach.