MUMBAI: In one of the biggest ever breaches of financial data in India, banks have reported malware intrusions through scores of ATMs across country and questionable financial transactions in China has prompted them to block millions of debit cards and asked others to change their PIN.
Banks have directed as many as 3.2 million of their debit card holders to change their PIN immediately. Several victims have reported unauthorised usage of their cards from locations in China.
Of the cards, 2.6 million are said to be on the Visa and Master-Card platform and 600,000 on the RuPay platform.
The worst-hit of the card-issuing banks are State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank, the people said.
The breach is said to have originated in malware introduced in systems of Hitachi Payment Services, enabling fraudsters to steal information allowing them to steal funds. Hitachi, which provides ATM, point of sale (PoS) and other services, couldn't be reached for comment.
A forensic audit has now been ordered by Payments Council of India on Indian bank servers and systems to detect the origin of frauds that might have hit customer accounts.
NPCI Managing Director AP Hota said: "We have received complaints from banks about debit cards being used in China which aroused suspicion. Though most of the suspected fraudulent transactions happened in the Visa and MasterCard network, we thought a forensic audit of the entire network will help us find out where the compromise happened."
HDFC Bank said: "We are advising our customers to use only HDFC Bank ATMs as we believe security controls at some of the other bank ATMs may not be at par with HDFC Bank ATMs. We take this opportunity to reiterate that it's always prudent to change ATM PINs from time to time. It prevents misuse."
SBI said it would reissue 600,000 debit cards following a malware-related security breach. The bank also asked customers to change their PIN numbers as well.
"Based on the complaints we have received, we are suspecting a compromise on the non-SBI ATM network which could include various white-label ATM service providers," SBI Chief Information Officer Mrutyunjay Mahapatra said.
"Therefore, as a precautionary measure, we have blocked six lakh debit cards. We have assured our customers that there has not been any breach on the ATM network of SBI."
Banks had been receiving multiple complaints from customers about cards being used in China at various ATMs and point of sale terminals. They in turn alerted Visa and MasterCard. A forensic audit is being conducted by Bengaluru-based payment security specialist SISA.
Some sources said the malware infection took about six weeks to detect, compromising transactions that took place during this period. As many as 3.2 million cards were used on the Hitachi network during this time.