The Rs 94-crore fraud at Pune’s Cosmos bank, caused by a malware attack on the bank’s systems, raises several questions about the security controls. We take a look at how exactly the fraud was perpetrated.
In the major fraud, hackers managed to embezzle over Rs 90 crore through a malware attack on the bank’s server and by cloning thousands of debit cards, Cosmos Bank chairman Milind Kale had said earlier. The fraudulent transactions were carried out between August 11 and August 13, and the malware attack by the hackers originated in Canada, he said. In a release, NPCI said one of its network members has confirmed a malware-based attack on its system, which has caused a fraud loss of over Rs 90 crore. But how did the fraud actually take place? We take a closer look.
Malware is malicious software that is normally sent as a link to the intended target. Once the link is clicked, it can install executable code and scripts. To keep malware at bay, organisations install anti-malware and antivirus software, and firewalls. In the case of Cosmos bank, the malware compromised a digital system responsible for settling cash dispensation requests raised at ATMs.
When a depositor swipes a card at an ATM to withdraw money, a request is sent to the respective bank’s core banking system (CBS). If the account has sufficient balance, the CBS allows the transaction. In the case of Cosmos bank, the malware created a proxy system that bypassed the CBS. Following this, a series of 14,800 fraudulent transactions got approved to withdraw Rs 80.5 crore: Rs 78 crore through 12,000 transactions in 28 countries, the rest in India. Further, another Rs 13.5 crore was transferred to a Hong Kong-based entity using a facility called Society for Worldwide Interbank Telecommunications (SWIFT).
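Because the proxy approved withdrawals without consulting the CBS, those approvals have no matching CBS authorization. The reconciliation below is an added example, not code from the article or the bank; the record layouts, the field names (including the `rrn` join key) and the sample rows are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data. Field names and the "rrn" join key are assumptions.
SWITCH_APPROVALS = [  # what the ATM switch told the card network it approved
    {"rrn": "000001", "card": "C1", "amount": "5000.00", "country": "IN"},
    {"rrn": "000002", "card": "C2", "amount": "10000.00", "country": "CA"},
    {"rrn": "000003", "card": "C2", "amount": "10000.00", "country": "HK"},
    {"rrn": "000004", "card": "C3", "amount": "2000.00", "country": "IN"},
]
CBS_AUTHORIZATIONS = [  # what the core banking system actually decided
    {"rrn": "000001", "card": "C1", "amount": "5000.00", "decision": "APPROVE"},
    {"rrn": "000004", "card": "C3", "amount": "1000.00", "decision": "APPROVE"},
]


def reconcile(switch_rows, cbs_rows):
    """Return (rrn, reason) for every switch approval the CBS cannot vouch for."""
    cbs_by_rrn = {row["rrn"]: row for row in cbs_rows}
    findings = []
    for s in switch_rows:
        c = cbs_by_rrn.get(s["rrn"])
        if c is None:
            # Approved on the network side, never seen by the CBS.
            findings.append((s["rrn"], "no CBS record"))
        elif c["decision"] != "APPROVE":
            findings.append((s["rrn"], "CBS did not approve"))
        elif c["card"] != s["card"] or Decimal(c["amount"]) != Decimal(s["amount"]):
            findings.append((s["rrn"], "card or amount mismatch"))
    return findings


def exposure_by_country(switch_rows, findings):
    """Sum the flagged amounts per acquiring country to size the exposure."""
    flagged = {rrn for rrn, _ in findings}
    totals = defaultdict(Decimal)
    for s in switch_rows:
        if s["rrn"] in flagged:
            totals[s["country"]] += Decimal(s["amount"])
    return dict(totals)


if __name__ == "__main__":
    found = reconcile(SWITCH_APPROVALS, CBS_AUTHORIZATIONS)
    for rrn, reason in found:
        print(rrn, reason)
    print(exposure_by_country(SWITCH_APPROVALS, found))
```

The check is only meaningful if the CBS-side records are read from a source the switch host cannot write to.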
Cloned cards at play?
The fraudulent transactions are suspected to have been carried out using “cloned cards”, although a senior source at National Payments Corporation of India (NPCI) said that this is not certain at this stage. Cloned debit and credit cards have been used in several such cyber-based crimes earlier too. The fraudster collects the card details (these are sometimes even sold over the dark net, a network with restricted access) and uses a machine to copy these onto dummies, or blank plastic cards.
RBI guidelines not followed?
Former NPCI managing director and CEO A P Hota was of the view that the RBI has clear guidelines and if these are followed, such incidents will not happen. “There is a case that as far as security is concerned, attention is given more to commercial banks and cooperative banks have been sidelined. However, there are 9-10 cooperative banks as big as private banks and Cosmos Bank is one of them. Maybe RBI should pay special attention to large cooperative banks,” Hota told the Indian Express. Cyber crime investigation expert Ritesh Bhatia told the newspaper that security measures across Indian banks are moderate and given the high level of coordinated international attacks, all banks need to upgrade their security mechanisms.