India’s Biggest Debit Card Fraud (Download PDF)

Doorsteptutor material for IAS is prepared by world's top subject experts: Get detailed illustrated notes covering entire syllabus: point-by-point for high retention.

Download PDF of This Page (Size: 174.78 K)

Around 32 lakh debit cards of various banks were affected by malware (biggest security crack ever) silently moved into a bank’s server with the possibility of the virus exploiting vulnerabilities in systems. This kind of attack is known as advanced persistent threat (ABT).

Over the past few years, banks have been fighting cyber strikes such as “distributed denial of service” (or DDoS, the cyber-attack in which perpetrator make network resource unavailable for its intended users). Because of this, bank system goes down or slows down frustrating the customers.

Debit cards of Many India banks including the State Bank of India (SBI), HDFC Bank, Yes Bank, and ICICI Bank were hacked.

SBI had blocked customers’ debit cards and re-issued fresh card free of cost. Around 0.6 million debit cards were re-issued after they recognized that security breach was caused by malware in some non-SBI ATM networks.

About 26 lakh of these cards are Visa and MasterCard whereas around 6 lakh are RuPay.

Image of India's Biggest Debit Card Fraud

Image of India’s Biggest Debit Card Fraud

Image of India’s Biggest Debit Card Fraud

How Did the Biggest Fraud Unfold?

  • 5th September: some of the banks including SBI, HDFC Bank, Yes Bank and ICICI Bank detected fraudulent transactions- debit cards of India customers were used in China and US.
  • Banks informed National Payments Corporation of India (NPCI) - NPCI has oversight over retail payment systems in India.
  • Malware was found by the NPCI in the systems of Hitachi Payment Services, which are used in ATMs, point of sale, and other providers.
  • Early to May 2016 Probe also finds ATMs compromised and the breach arisen in the ATMS of a particular private bank
  • As per ET news report, it took 6 weeks to detect and by than around 3.2 million cards were used at Hitachi network.
  • Visa, MasterCard, and RuPay informed banks to warn customers.
  • Banks had informed customers to change PIN or block cards in certain cases.

What Kind of Virus is This?

  • This Fraud was implemented through malware on an ATM network.
  • Malwares damaged ATMs or bank’s computer systems allowed fraudsters to access private debit card data.
  • At a Malware affected ATM if one were to swap the card then the data is transmitted to fraudster.
  • To prevent this Banks are planning to Issue chip-based cards pending a report from forensic audit of the breach

What Steps Banks Have Taken for Protection?

  • Mostly this kind of fraud is performed on those cards which are not chip-based, so banks are planning to replace all the cards with chip-based cards. Chip based cards transmit all the data after encryption.
  • The Maharashtra Police is investigating the security breach and requested to RBI for information on the fraudulent transactions.
  • The council of Payment Card Industry Data Security Standard (PCIDSS), responsible for data security standards, has demanded forensic audit of the data breach in India (to be competed till the end of this month).

Preventing Frauds:

  • Keep your PIN private even from bank employees and family members.
  • No one should see your PIN while you are entering it.
  • Leave ATM once ‘Welcome’ screen is displayed after completing transaction
  • Give your current mobile number to bank to get all information about each transaction.
  • Any suspicious activity around the ATM should be reported to the authorities.
  • Make sure transaction is completed when the merchant gives you back your card.
  • Make sure no any extra devices are attached to the ATM
  • Lost or stolen ATM/Debit card should be immediately reported to the bank.
  • Regularly check transaction alert SMS’s and bank statements.
  • Do not write your PIN on the card.
  • Do not take help from strangers and do not give your card to anyone.

- Published/Last Modified on: October 28, 2016


Developed by: