News Nation Logo


Debit card security breach: Cards fraudulently used in China and USA while customers were in India, says NPCI

In One Of The Biggest Bank Security Breach Where About 3.2 Million Debit Cards May Have Been Compromised, The National Payments Corporation Of India (NPCI) Has Issued A Detailed Statement. The Agency Has Said That It Has Received Complaints From Banks That Debit Cards Have Been Fraudulently Used In China And USA.

News Nation Bureau | Edited By : Ashish Ranjan | Updated on: 21 Oct 2016, 12:17:30 AM
Complaints received about fraudulent use of debit cards in China, USA: NPCI

New Delhi:

In one of the biggest bank security breach where about 3.2 million debit cards may have been compromised, the National Payments Corporation of India (NPCI) has issued a detailed statement. The agency has said that it has received complaints from banks that debit cards have been fraudulently used in China and USA.

NPCI stated its position as under:

# The genesis of problem was receipt of complaints from few banks that their customer’s cards were used fraudulently mainly in China and USA while customers were in India. Apprehending that this could be a case of card data compromise, all the ATMs / PoS terminals in India and three card networks – RuPay, Visa and MasterCard worked in a collaborative manner in the month of September 2016.

# It was established through the analysis post such frauds were reported that there was a possible compromise at one of the payment switch provider’s system. Based on the analysis, NPCI and other schemes identified the period of compromise and the possible card numbers which could have been compromised during that period.

Also read: 32 lakh debit cards affected by security breach: HDFC, SBI, Yes Bank, ICICI and Axis worst hit

# Though there were no complaints from any of the RuPay cardholders, NPCI as a domestic utility for ATM payments has taken the lead role for proactive steps in discussing the matter with various banks and card networks.

# The complaints of fraudulent withdrawal are limited to cards of 19 banks and 641 customers. The total amount involved is Rs. 1.3 crore as reported by various affected banks to NPCI. Cards of all these complainants are related to other card schemes. There is no RuPay cardholder who had lodged any complaint for such fraudulent usage.  

Also read: Finance Ministry seeks information from banks after reports of major security breach of debit cards 

# All affected banks have been alerted by all card networks that a total card base of about 3.2 million could have been possibly compromised. Out of this 0.6 million are RuPay cards.

# It was suspected that a compromise was at switch level which is PCI-DSS certified. Hence, subsequently PCI Council (the international body which sets standards on for PCI–DSS) was persuaded to conduct a forensic audit of the switch of one bank which is likely to be the point of compromise. The forensic study is in progress and NPCI is in touch with relevant stakeholders.

Also read: SBI and its subsidiary banks block 6.25 lakh debit cards after suspicious transactions at third-party ATMs

# Based on the advisory issued by NPCI and other schemes, it is gathered that banks have advised their customers to change their debit card PIN. In situations where customers could not be contacted, the cards have been blocked and fresh cards are being issued by member banks.

# NPCI is closely working with all stakeholders and once the forensic investigation is over and the root cause is identified, we will issue a further set of recommendations as precautionary measures to member banks.

For all the Latest India News, Download News Nation Android and iOS Mobile Apps.

First Published : 20 Oct 2016, 11:45:00 PM