ICICI Bank, Kotak Bank, others issue SMSes to customers to curb financial fraud

In  a move to curb the ongoing financial data breach occurring via ATM, debit and credit cards, banks in India have started issuing SMS notifications to customers advising them to change passwords of their cards on an immediate basis.

"Dear customer, due to security reasons, we request you to change your debit card PIN immediately at the nearest ICICI Bank ATM or through Net Banking. Please note that international cash withdrawal limit has also been changed to Rs 7,000 per day. For details, please call customer care at 022-33667777," read one such SMS alert sent by ICICI Bank to customer on October 3. 

Similarly, Central Bank of India issued an SMS to its customers on September 30, saying,"We have received reports and alerts regarding misuse of few debit and credit cards by miscreants. Please change your PIN immediately to make your card more secure. Also, do not share your card details like card number, CVV, PIN, OTP, etc., with anyone even if claiming to be bank staff." 

Kotak Mahindra Bank in its SMS notification to customers on September 23, said, "Dear customer, to secure your account from the increasing frauds at ATMs, we advise that you change the PIN for your debit card ending 4320 at the earliest.You can change your PIN via Net Banking, Mobile Banking or any Kotak Bank ATM." 

Around 3.2 million debit cards are said to be compromised in the financial data security breach, cited The Economic Times report on Thursday. 

Of the cards, 2.6 million are said to be on the Visa and MasterCard platform and 600,000 on the RuPay platform, it said.

As per the Business Standard report, several reports suggest that the breach is said to have originated in malware introduced in the systems of Hitachi Payment Services, which has enabled fraudsters to steal information.

Hitachi Payment Services manages the ATM network processing for Yes Bank. Other banks have reportedly been affected because Yes Bank ATMs see third-party transactions too,  it said. 

The newspaper citing the bankers said the breach effected in such a way that anyone using the said bank's ATMs in the region might stand to get affected. 

Bankers further said the problem was first discovered between May and July, and banks have resorted to recall the affected debit cards from September this year. 

The worst-hit of the card-issuing banks are State Bank of India (SBI), HDFC Bank, ICICI Bank, YES Bank and Axis Bank, said The Economic Times news report citing the people in the know-how of the development. 

Following a malware-related security breach, State Bank of India (SBI) will reissue 6 lakh cards, The Times of India had reported on Wednesday.

"Based on the complaints we have received, we are suspecting a compromise on the non-SBI ATM network which could include various white-label ATM service providers," The Economic Times report said quoting SBI Chief Information Officer Mrutyunjay Mahapatra, as saying. 

"Therefore, as a precautionary measure, we have blocked six lakh debit cards. We have assured our customers that there has not been any breach on the ATM network of SBI," Mahapatra added. 

"Card network companies NPCI, MasterCard and Visa had informed various banks in India about a potential risk to some cards... owing to a data breach," Reuters reported citing SBI on Wednesday, further adding, "that its own systems had not been compromised."

SBI told Bloomberg on Thursday that the bank has taken precautionary measures and blocked cards of certain customers. 

On alleged recent lapses on its ATM network, YES Bank told Bloomberg on Thursday that  there's no evidence of breach on the banks ATMs and it has proactively undertaken comprehensive review of ATMs.

Similarly, after a  latest cyber attack to its ATM, Axis bank issued a statement to Reuters on Wednesday stating there was no loss to customers in the attack. 

"Our internal monitoring mechanism identified such a threat recently and all steps have been undertaken to neutralise the same," the bank said in a statement to Reuters.

MasterCard too issued an e-mail statement on Thursday stating that its systems are not breached in India card compromise issue, Bloomberg reported. MasterCard has asked customers to review account statements.

According to The Economic Times report on Thursday, banks had been receiving multiple complaints from customers about cards being used in China at various ATMs and point of sale terminals.

In order to protect customers from cyber attack, the banks are taking steps such as asking customers to change the PINs of their ATM-cum-debit cards, which has now gone up one level to changing cards as well, if the customers do not comply,cited the recent Business Standard report.

Banks have also been asking their customers not to share their passwords with any other person in order to avoid security breaches such as skimming and cloning of cards.

In order to protect your card being skimmed or cloned, do change password of your ATM, debit or credit cards on an immediate basis.