Jagoinvestor

October 21, 2016

6.5 million Debit Cards compromised in India – Was your card one of them?

Around 6.5 million Indian Debit Cards have been compromised recently which is one of the biggest security breaches our country has seen to date.

Around 641 customers of 19 different banks have reported frauds worth Rs 1.3 crores in total as of now and after that, all banks started investigating the matter. Some of the banks that are worst affected are SBI bank, ICICI bank, HDFC bank, and Axis bank.

Here is a real incident reported by Vishal Sharma on this article below in the comments section

My card got cloned and my account was wiped out on 5th Sept 2016 by cash withdrawals from china . I immediately informed my bank Standard chartered who then blocked my card. It took 10 days and a lot of following up before they gave me a temporary credit.

SBI alone has reported that it has blocked around 6 lacs debit cards and going to issue new cards soon. This is done as a precautionary measure so that no frauds are done on these 6 lacs cards.

As per the following video, these compromised debit cards were used in the US and China while the debit card owners were in India.

How did this all start?

Around Sept start, various customers started complaining to banks about the fraudulent transactions, and that when banks started reaching out to National Payments Corporation of India (NPCI), which found out that it was a malware-related security breach in various ATM’s and Points of sale systems which were managed by Hitachi Payment Services.

That’s when the banks asked its customers to change their PIN. Banks also blocked cards and started providing the new cards to its users.

The banks are saying that this security breach has happened outside the bank’s network, but still, the investigation is going on right now and more details will come up in coming times.

How did the security breach happen & What got Hacked?

As per the above video from NDTV, almost every detail of the card was hacked like

  • Name on the card
  • Expiry Number
  • Card Number
  • CVV number

When you use your card at an ATM or a point of sale (in some shop), the data first goes to a central server (central server switch) and that further sends the data to your bank to check if you have balance in your account or not. This central server had the malware sitting and the data was compromised at that point.

Around 3.2 million debit cards hacked in India

Can you take some precautions?

The only thing you can do right now is either change your PIN. Most of the security measures are already taken by the banks, so you can’t do much from your side now other than getting your card blocked (not recommended). You can read more details about this news here

Do you know anyone who faced the card fraud? Can you share that?

What do you think about this issue? What are your views?

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

36 Comments
Inline Feedbacks
View all comments
Rajat Monga
Rajat Monga
7 years ago

Hi, great article.
Unfortunately I am a victim of low cibil score and was looking measures to improve it as I also wanted to avail a personal loan to renovate my house. Please suggest me as the banks keep cibil score as the fundamental factor in giving loans

Velmurugan M
Velmurugan M
7 years ago

Whether i could able to block my debit and credit card international usage/?

Mithun
Mithun
8 years ago

Is it really 65 lakhs or 30 lakhs?

The issue has happened because of the lackadaisical attitude of all banks irrespective of numerous RBI notifications to issue chip based cards rather than magnetic ones which can easily be cloned.

And also most of the ATMs are having inadequate security and no security audits are done even monthly.

They are having:

1. Outdated Windows XP(why can’t they use Linux)

2. USB support in all machines

3. Software’s like Teamviewer which allows remote control via web

ashok
ashok
8 years ago

Hi Manish,

Good article.For me, nothing happened. But for the precautionary action, i have changed the PIN for all the cards.

PatientWealth
PatientWealth
8 years ago

We had a card hacked a few years ago. I am based in the United States. The credit card company saw charges that were being made at locations hundreds of miles from where I live and after a few of them they immediately cancelled the card and refunded me my money. They also sent an updated card. I was pleased with how Discover handled this. Interesting article!

Anjan
Anjan
8 years ago

We give away Xerox copies of PAN Card, Passport, Voter ID etc. to Mobile Stores, Insurance Agents and to many people/institutions due to various reasons. Anybody can make further multiple xerox copies from 1 xerox copy. It’s that easy to commit fraud. Background verification needs to be more stringent to avoid such fraud. But companies are more interested in increasing customer base than ensure security of personal data.

Rahul Jain
Rahul Jain
Reply to  Anjan
8 years ago

I believe best way to avoid (only till an extent) is whenever you are providing any of your document like PAN card, Passport copy to any of the service provider, write on top of the copy :
1. Purpose of the copy provide
2. Date of issue
3. Service provider name

Ajith
Ajith
8 years ago

Are chip based cards secure compared to normal ones

SANJAY LAHA
SANJAY LAHA
Reply to  Jagoinvestor
8 years ago

Chip based card means?

Goutam G.
Goutam G.
Reply to  Jagoinvestor
8 years ago

Chip based card hold a SIM like cheap in addition to magnetic strip

G V RAJESH
G V RAJESH
8 years ago

What about having iris-scan or finger print scan etc for every transaction at ATMs

Pankaj
Pankaj
8 years ago

In international transactions, PIN has no role
All you need is card no , name and cvv.even OTP is not needed. It is here banks have to work .

SANJAY LAHA
SANJAY LAHA
Reply to  Pankaj
8 years ago

I have disabled my international usage via INB

vishal sharma
vishal sharma
8 years ago

My card got cloned and my account was wiped out on 5th Sept 2016 by cash withdrawals from china . I immediately informed my bank Standard chartered who then blocked my card. It took 10 days and a lot of following up before they gave me a temporary credit.

Sam
Sam
Reply to  vishal sharma
8 years ago

Did the bank reimburse ur lost money?

Santanu
Santanu
8 years ago

Internet is one way making our life easy and in other way exposing us to such attacks. I think every transaction should be linked with mobile phone now a days through OTP. If required ATM withdrawal also.
Thanks Manish for sharing this update.

Anjan
Anjan
Reply to  Santanu
8 years ago

OTP system gives us a false sense of security. In reality, it’s not safe at all. Infact I would say it’s one of the easiest ways to steal someone’s money. How? When was the last time you lost your SIM card? If you did, you would know that all it takes is a phone call to customer care to block your number within 2 mins. There is barely any verification. They may just ask for your DOB. Once blocked, you can go to an authorized mobile outlet of the telecom provider and provide a xerox copy of any identity card to get a new SIM activated with the same number within 30 minutes. It’s easy enough to get a Xerox copy of someone’s identity card since we carelessly give it away all the time.

Now tell me where is the security? If intelligent hackers can crack sophisticated ATM systems, OTP will be child’s play.

Akshay Shaha
Akshay Shaha
Reply to  Anjan
8 years ago

Very true…

Naveen
Naveen
Reply to  Anjan
8 years ago

Hmm…will hackers be able to get sim cards of everyone?

At least OTP will avoid mass hacking incidents like these.

Anjan
Anjan
Reply to  Jagoinvestor
8 years ago

Yes, they will. You are not going with just any random person’s ID card, you are going with the Xerox copy of the ID card of the person whose SIM number you want to steal. Getting a xerox copy ain’t very difficult these days, partly due to our own callousness.

Rahul Jain
Rahul Jain
Reply to  Anjan
8 years ago

Dear Anjan,
You have very valid point. Here telecom companies can come to rescue. I have re-issued my Airtel SIM card due to lost cell phone. After all documents I received new SIM card but was tols that “SMS facility will not be available for next 48 hours”.
Someone should smart enough if he lost his SIM card or number de-activated due to any reason to immediately contact telecom service providers. Obviously many times they are not supportive but this is one way which can be improved.