In the wake of biggest possible financial data breaches in India where it is suspected to have compromised at least 32 lakh debit cards, let us understand how the back-end system works in ATM operations. HDFC Bank, SBI, Yes Bank and Axis Bank are worst hit.
In an exclusive interview to News Nation Digital, SC Sinha, former Executive Director of Oriental Bank of Commerce, has talked about the major cyber-attack at the back-end system of a bank.
Here are excerpts from the interview:
Question: Can you throw some light on how the bank security has been breached?
Answer: There is a switch mechanism which ATM machines use. ATM requests go to switch verification, and then it comes to banks. The total process takes 15-17 seconds. Somebody hacked the switch. There is chance that 1-2 switch have been hacked. But, it would not be more than 2. Switch was compromised. Investigation is still going on. Banks will come out with the investigation report soon. All the ATMs are tagged to switch. Due to the hacking, cloning of cards has taken place. However, the system is well defined.
Question: What measures can Indian banks take to safeguard the same in the future?
Answer: Banks are planning for automatic alert where change of PIN will be requested. Bank will send message to change PIN. Also, the affected cards have been blocked. They will be issued new cards. One-time password (OTP) system is also thought of. But it is very time consuming. There is generally a long queue. Best way to secure from such attacks is to change the PIN. It can be made mandatory to change the PIN in every 2-3 transactions.
Question: Are a large number of third-party transactions on ATM machines of a specific bank vulnerable to malware attacks, if so can an alternative mechanism be thought-of?
Answer: Switch is managed by other security agencies and they are subject for investigation.
Question: From a common man's perspective, how safe is his/ her money in the Indian banks which have been affected by security breach?
Answer: It is safe. Banks are making all efforts to ensure that such thing don’t happen in future. The bank will be issuing another fresh new card to those who have been affected. There is a provision of insurance as well. Bank will address it and try to minimize the loss as much as possible.
Question: Is there some kind of an audit mechanism whereby the banks do a periodic or random check of how safe their network systems (back-end) are?
Answer: Yes, there is an audit mechanism. Audit of system is done frequently. It is a regular thing in Banks. In this case, there will be forensic audit where special agencies will be brought in.
Question: How secure it is to use other banks' ATM machines?
Answer: It is safe to withdraw money from other bank’s ATMs. There is no problem with it.