NPCI said it has received complaints of fraud transactions of a total Rs 1.3 crore from 641 customers.

Highlights About 3.2 million debit cards may have been compromised, says NPCI

Received Rs 1.3 crore fraud transaction complaints, it said

SBI has blocked and will replace 6,25,000 debit cards as precaution

About 3.2 millionmay have been compromised by a massive security breach, the National Payments Corporation of India or NPCI has said.The government agency said it came to know of a potential data breach when it had received complaints from banks that some customers' cards were used fraudulently in China and USA, while the owners were in India.NPCI said it has received complaints of fraud transactions of a total Rs 1.3 crore from 641 customers, who hold cards of 19 banks.The NPCI as well as the Finance Ministry have assured bank customers that corrective actions have been taken and there is no need to panic. ("Only about 0.5 per cent of total debit card details were compromised while remaining 99.5 cards are completely safe and bank customers should not panic," Department of Financial Services Additional Secretary GC Murmu told Press Trust of India.The country's biggest lenderhas said it has blocked and will replace 6,25,000 debit cards as precaution and that its customers will be compensated for losses, which it estimates at about Rs 10 lakh to Rs 12 lakh."There is a suspicion that a data breach might have happened. We got this information from Visa, MasterCard and RuPay. As a measure of precaution, we have decided to replace these cards, which have been blocked," SBI managing director Rajnish Kumar told NDTV. (Mr Kumar said the concern was that if hackers have access to card numbers and passwords it could be misused for e-commerce transactions or fund transfers. New cards would reach SBI customers soon, he said.The banker said the suspected breach had happened outside his bank's ATM network.An ICICI Bank spokesperson confirmed that a "possible breach of information of debit cards has taken place in the ATM network of another bank". As a precautionary measure, the PINs of debit cards used at the ATMs of that bank had been changed to protect customers, the bank said.Rajiv Anand, executive director of Axis Bank, too told NDTV that there had been no data breach at his bank's ATM network. "We have sent SMSes to customers to change PINs who were potentially exposed to a possible breach in other bank's network." he said. (Where customers had not reset their PINs, cards had been blocked, Mr Anand said.He said "some sort of malware was sitting in one of the bank's network. As a result, banks found that customers came to them saying that they were hit by transactions they had not done."News agency Reuters has quoted banking industry sources as saying that the breach was suspected to have taken place in the systems of Hitachi Ltd subsidiary Hitachi Payment Services, which manages ATM network processing for Yes Bank.But both Yes Bank and Hitachi have denied such a breach. Yes Bank said in a statement that it "has proactively undertaken a comprehensive review of its ATMs, and there is no evidence of a breach or compromise on Yes Bank ATMs."

Loney Antony, managing director of Hitachi Payment Services, said, "We had appointed an external audit agency in the first week of September, to check the security of our systems for any breach/compromise based on a few suspected transactions that were highlighted by banks for whom we manage their ATM networks. The interim report published by the audit agency in September, does not suggest any breach/compromise in our systems."There were 697.2 million debit cards in India as of end-July, according to data from the Reserve Bank of India.