Pune-based Cosmos Cooperative bank takes Rs 94-cr hit from cyberattack

Date: 2018-08-15

The Cosmos Cooperative Bank, a multi-state scheduled bank, was attacked by cyber criminals and Rs 78 crore were transferred outside India and withdrawn across 28 countries using cloned cards of the bank.

Further, Rs 13.50-crore withdrawal requests came from Hong Kong’s Hang Seng Bank account in the name of ALM Trading, Hong Kong. Another Rs 2.5 crore was withdrawn in India at different locations. The first of these transactions was reported from Canada. These transactions took place through ATM Visa and Rupay Card of National Payments Corporation of India.

The attack was carried out through malware on the bank's debit card payment switching systems, Milind Kale, chairman, Cosmos Bank, said. The malware created a proxy switch through which these fraudulent payments were approved, Kale said. Cosmos Bank’s system did not approve the payments, he said. In all, it was a Rs 94.42-crore hit carried out in two hours on Saturday, August 11, when the bank was closed for the weekend, and on Monday, August 13, at 11.30 am, initiated through a SWIFT transaction.

“None of the fraudulent transactions is debited to any of the customers’ accounts and will not be debited in future,” the Cosmos Bank chairman said.

Kale said the Cosmos Bank Core Banking System was secure, the attack had not affected customer accounts, and customers’ bank balances were not impacted in any way. These payments for the fraudulent requests did not reach their switching systems and they did not approve any of the transactions, he reiterated. These withdrawals ranged from $100 to $11,000, he said. The withdrawal was through cloned Cosmos Bank cards.

In the FIR filed with the Pune police on August 14 against unknown persons and ALM Trading, Hong Kong, the Cosmos Bank has complained that 12,000 transactions were carried out through Visa, worth Rs 78 crore, and 2,949 transactions totalling Rs 2.5 crore were through Rupay of NPCI.

Unusual repeated transactions took place through the ATM Visa and Rupay Card for two hours on August 11 and as soon as the suspicious transactions were reported, the bank immediately shut down its Visa and Rupay Debit Card System.

But Cosmos Bank had to settle the transactions and paid up Rs 78 crore, though this was subject to verification and reconciliation with other banks, Kale said. It has sought details of how much cash was dispensed from dispensing banks. Kale said they had appointed a forensic agency to investigate the malware attack.

This is not an attack on the Cosmos Bank but on the country’s banking payment settlement system as it was a failure of the switching operations and physical cash moving across 28 countries.

Cosmos Bank has halted its internet banking, mobile banking and ATMs as a precautionary measure, Kale said. Cosmos, the second-largest cooperative bank in the country, will now have to deal with provisioning for this amount and will be discussing it with the regulator, Kale said.

The bank had just completed an audit by an external agency and an RBI inspection in July 2018, and there was no adverse comment or suggestion about any of the security systems at the bank, he said. Teams from RBI, CERT-In and an external forensic investigator were at the bank carrying out investigations.

Sanjay Katkar, joint MD and CTO of IT security company Quick Heal Technologies, said the BFSI domain was amongst the sectors most vulnerable to cyber threats. “Tackling this challenge requires deeper coordination between authorities in the BFSI sector and the security firms managing cyber risks and security. Regulators need to develop a risk management framework, including adequate threat response strategies, and define the chain of command in case of a security breach,” he said.