Posted by ANUPAM on
In the last couple of weeks, banks have reported multiple instances of data breaches, especially in debit and automated teller machine (ATM) cards. Banks have described these instances as cyber data breaches and said no monetary losses have been reported.Some of the affected banks have been asking their customers to change security codes. They are also blocking and replacing debit cards. The breach is thought to have been caused by malware on an ATM network.
Some customers are complaining that large sums of money have been taken from their accounts. Indian banks have issued nearly 700 million debit cards.The National Payments Corporation of India (NPCI), which controls all retail payments systems in India, confirmed in a statement that there was a "possible compromise at one of the payment switch provider's systems".
Despite suffering the biggest data breach, the damage was just Rs. 1.3 crore. The government has set in motion all formalities, including Union Finance Minister Arun Jaitley asking for a report and the various regulators setting up their own probes. But the Indian customers will still want to know why the information about a virus having affected a few ATMs was kept under wraps. It is no consolation but the Indian debit card holders can consider themselves rather fortunate. The malware used to infect the ATMs obviously did not have the rapidly replicating properties of Stuxnet, the virus that crippled the Iranian nuclear programme. In our case, only a few ATMs were affected.
Cybercrime is big business. It is projected to grow to $600 billion this year and banks will remain the primary targets. But we have no word on when exactly did the Payments Council of India discover the breach and order a probe. Cyber security requires regular communication among the service providers on the one hand and between the corporates and the customers on the other. There is no shame in admitting to a breach. Going public with a lapse actually creates awareness and a confidence that counter-corrective measures have been put in place. From what we know, the breach began taking place a month ago. But the affected banks appear to have functioned as silos.
Had the news not leaked in the media, only those directly affected would have come to know. The RBI and the Payments Council owe it to the country’s 60 crore debit card holders to shore up their confidence. Earlier scams like ATM keypad jamming and card swapping are passé. Criminals of cyberspace invariably have access to latest hacking techniques. All cyber breaches need not be for financial gain.
Reactions: Location: India