Three million debit cards at risk after hackers raid Indian payment systems

It wasn't us, gov! Hitachi Payment Services denies its ATMs were pwned

Got Tips? 3 Reg comments

A suspected security breach has led banks in India to warn 3.25 million customers to replace their debit cards or change the PINs.

National Payments Corporation of India (NCPI), the umbrella organization for the nation's retail IT systems, said customers at 19 banks were affected. We're told 641 people have been defrauded – approximately $200,000 has been taken, largely from cloned cards used in Chinese and US ATMs.

"Necessary corrective actions already have been taken and hence there is no reason for bank customers to panic," said NPCI CEO Mr Abhaya Hota. "Advisory issued by NPCI to banks for re-cardification is more as a preventive exercise."

The recall of RuPay, Visa and MasterCard debit cards has hit a slew of banks: State Bank of India, HDFC Bank, ICICI Bank, Yes Bank and Axis Bank. Early reports suggested the problem had been at the backend systems of Hitachi Payment Services (HPS), which runs a network of 48,000 ATMs and 230,000 sales terminals across the country, but the firm has denied this.

HPS managing director Loney Antony told the Deccan Herald that some banks had reported compromised cards back in July. His firm had conducted an internal investigation and found nothing wrong. When the problems reoccurred in September – and in such numbers that a recall was ordered – HPS called in external auditors.

"We had appointed an external audit agency in the first week of September to check the security of our systems for any breach or compromise based on a few suspected transactions that were highlighted by banks for whom we manage their ATM networks," he said. "The interim report published by the audit agency in September does not suggest any breach or compromise in our systems."

Nevertheless, banks are advising their customers to not use third-party ATMs for the moment as a precaution and the card recall is going ahead. ®

Sponsored: Webcast: Discover and secure all of your attack surface


Biting the hand that feeds IT © 1998–2020