All necessary action taken, says National Payments Corpn. of India.

National Payments Corporation of India (NPCI), the domestic payment gateway, has urged debit card customers whose data has been compromised, not to panic as all the necessary actions have been taken to deal with the fiasco. “Necessary corrective actions already have been taken and hence there is no reason for bank customers to panic,” said A.P Hota, MD & CEO, NPCI. The advisory issued by the NPCI to banks for re-issue of cards is more a preventive exercise, he added.

According to a statement issued by the NPCI, 641 customer complaints from 19 banks have been received and the amount involved is Rs. 1.3 crore.

According to RBI norms, if the customer is not responsible for a fraudulent transaction, then the bank will be liable to pay compensation.

“All affected banks have been alerted by all card networks that a total card base of about 3.2 million could have been possibly compromised,” the statement said. The total debit card base of the country is 697 million.

According to the NPCI, the problem was detected when some bank customers complained that their cards were used fraudulently mainly in China and U.S. while customers were in India.

Suspecting that it could be a case of card data compromise, all the three payment gateways that operate in India — RuPay, Visa and MasterCard — swung into action in September.

“It was established through the analysis after such frauds were reported that there was a possible compromise at one of the payment switch provider’s system. Based on the analysis, NPCI and other schemes identified the period of compromise and the possible card numbers which could have been compromised during that period,” the NPCI said.

State Bank of India (SBI), the country’s largest lender which is in the process of replacing over 0.6 million debit cards, corroborated the NPCI’s views.

“Card network companies NPCI, Mastercard and Visa had informed various banks in India about a potential risk to some cards in India owing to a data breach. Accordingly, State Bank of India (SBI) has taken precautionary measures and has blocked cards of certain customers identified by the networks,” the SBI said.

Hitachi said it had appointed an external audit agency certified by Payment Card Industry (PCI) in the first week of September, to check the security of systems for any breach or compromise based on a few suspected transactions that were highlighted by banks for whom it manages ATM networks.

Yes Bank has also appointed a Certified Information Systems Auditor (CISA) for a forensic audit of its systems and processes.

“Yes Bank has proactively undertaken a comprehensive review of its ATMs, and there is no evidence of a breach or compromise on Yes Bank ATMs,” the bank said.

“Yes Bank continues to work with relevant stakeholders to ensure utmost safety and security of its ATM network and payment services which are completely safe to use,” it added.