This is how an ATM virus compromised 3.2 million debit cards in India

business

Updated: Oct 20, 2016 16:09 IST

Several banks will either replace or ask customers to change the security codes of 3.2 million debit cards on fears of potential security breaches. We answer questions that are being frequently asked over the incident:

What is behind the security breach?

A virus or malware infection at Hitachi Payments Services led to over 32 lakh debit cards in India being compromised. Hitachi is one of the companies that operate ATMs in India. The compromised debit cards were used in ATMs that are suspected to have exposed details of the cards to the malware.

A senior official at the National Payments Corporation of India (NPCI), an umbrella organisation for all retail payment systems, said the breach occurred a month ago. However, the loss is minute and banks will have to individually deal with it.

He further clarified that the error has nothing to do with banks, adding that the malware has been detected and corrective measures taken.

Which cards are affected?

Of the debit cards affected, 2.6 million are on Visa and MasterCard platforms, while 600,000 are on the RuPay platform. The worst-hit of the card-issuing banks are State Bank of India, HDFC Bank, ICICI Bank, Yes Bank and Axis Bank.

As a precautionary measure, the State Bank of India and its subsidiaries have blocked 6.25 lakh cards.

How to keep your financial data from being stolen?

Most banks have issued these advisories to customers:

*Change your card PIN

*Do not your use other banks’ ATMs

*Do not share your PIN, keep it a secret

*Do not give your debit card PIN to anyone over the phone

Banks such as the SBI have already undertaken a process of replacing over six lakh debit cards.

Recourse for those affected?

Immediately replace your debit or ATM card. Banks will not return the money customers have lost, as this is not a transactional error from the bank’s side but an ATM machine malware. The NPCI says the loss to customers is minuscule, and they are looking at recourse measures.