Date : Oct 24, 2016 – ATM/Debit Card Data Breach
The Reserve Bank of India convened a meeting today with senior officials from select banks, National Payment Corporation of India and card network operators to review the steps taken by various agencies to contain the adverse fall out of certain card details alleged to have been compromised.
It had come to the Reserve Bank’s notice on September 8, 2016 that details of certain cards issued by a few banks had been possibly compromised at Automated Teller Machines (ATMs) linked to the ATM Switch of one of the service providers. The issue is currently being investigated by an approved forensic auditor, under PCI-DSS framework.
The number of cards misused, as per currently available information, is small. As a matter of abundant precaution, however, card network operators concerned were earlier advised to share the details of cards used during the period of such exposure. Based on this, banks have been taking necessary remedial action to avoid any potential abuse of such cards in future by unscrupulous elements and to protect the interest of their customers. Banks have taken measures including advising the customers to change PIN, blocking payments at international locations, reducing the withdrawal limits, monitoring unusual patterns, replacing the cards and re-crediting the accounts of cardholders for amounts wrongly debited.
The Reserve Bank has urged the cardholding bank customers that it is a good practice to change the PIN and passwords periodically and not to share them with anyone for any reason. It has also cautioned that banks do not ask for card or account details from their customers. Customers may, therefore, exercise caution and not reveal such information to any person on phone or email.
The Reserve Bank has already instructed banks on June 2, 2016 to put in place cyber security framework. Banks have once again been advised to review the existing cyber security arrangements. The Reserve Bank has emphasised an early implementation of this framework so that (i) possibility of such incidents happening in future is minimised and (ii) in the event of such incidents, containment measures are taken immediately.
Press Release : 2016-2017/1014