Banks take measures to curb potential data security breach

A suspected breach of data security of a city-based private sector lender a few months back has led to pre-emptive steps being taken by other banks to thwart any potential troubles, bankers said on Wednesday.

The steps taken by the bankers include asking customers to change the PINs of their ATM-cum-debit cards, which has now gone up one level to changing cards as well, if the customers do not comply.

According to bankers, the breach effected in such a way that anyone using the said bank's ATMs in the region might stand to get affected.

When asked about alleged lapses on its ATM network, an Yes Bank spokesperson said, "Proactively undertaken a comprehensive audit of ATMs, and there is no evidence of a breach or compromise on ATMs.

"We continue to work with relevant stakeholders, including other public sector and private banks, and National Payments Corporation of India (NPCI), to ensure utmost safety and security of ATM network and payment services which are completely safe to use."

HDFC Bank reportedly asked the customers to change their PINs and has also been asking them not to use any other banks' ATMs as a precautionary measure.

After asking its customers who may be potentially hit, the largest lender State Bank of India (SBI) has also started a process to block the cards of those who did not change the security code at its own cost, its spokesperson said on Wednesday.

"Card network companies NPCI, MasterCard and Visa had informed various banks about a potential risk to some cards owing to a data breach. Accordingly, we have taken precautionary measures and have blocked cards of certain customers identified by the networks," SBI said in a statement on Wednesday evening.

"We came to know about security breach and proactively recalled affected cards as we did not want our customers to be at any risk. There was no breach in our system. We are now issuing EMV-based debit cards which cannot be compromised," SBI deputy managing director and chief operating officer Manju Agarwal told PTI.

She, however, declined to give the number of debit cards the bank has recalled. SBI has nearly 20 crore debit cards. There were media reports that said SBI had recalled 6.25 lakh debit cards due to malware-related security breach.

SBI further emphasised that its systems are absolutely fine and not compromised at and that existing cardholders are not at any risks.

"We are in the process of issuing new cards at no cost to those cardholders whose cards have been blocked. This is a cards industry incident and not an SBI only incident," an SBI statement said.

However, all the bankers were quick to claim that the breach has not led to any monetary losses to anyone and all the measures being taken are to safeguard the system against any potential threat.

When contacted, an Reserve Bank of India (RBI) official said the central bank is seized of the matter and is looking into the issue.

Bankers said the problem was first discovered between May and July, and banks have resorted to recall the affected debit cards from September.

"Data processes of one private bank was compromised which affected other banks' customers well. Customers who used that bank's ATM stand to get potentially affected," said another public sector banker.