Debit card data breach: Too small a number or a wake up call for JAM?

Finance Ministry of India on Friday said that the number of debit cards impacted by the data breach is 0.5%. Surely the number looks to small but it does have the possibility to have a wider impact. 

Moreover, will it cast a shadow on Prime Minister Narendra Modi's aim of making India a cashless society? 

On Thursday, AP Hota, MD and CEO of National Payments Corporation of India, in a statement said that the total amount involved is Rs. 1.3 crore as reported by various affected banks to NPCI. The complaints of fraudulent withdrawal are limited to 19 banks and 641 customers. 

Between Visa, Mastercard and RuPay, a total of 32 lakh debit cards have been affected, reports say. 

The statement mentioned that no complaints were lodged from any of the RuPay cardholders. But, out of 3.2 million accounts, 0.6 million were RuPay cards which could have been possibly compromised.

"It was suspected that a compromise was at switch level which is PCI-DSS certified. Hence, subsequently PCI Council (the international body which sets standards on for PCI–DSS) was persuaded to conduct a forensic audit of the switch of one bank which is likely to be the point of compromise. The forensic study is in progress and NPCI is in touch with relevant stakeholders", NPCI said in the statement.

As per the data available with the Reserve Bank of India, till July end, number of outstanding debit cards were 69,72,22,455 or nearly 70 crore cards are operational in the country from 56 banks. 

Out of 19 banks, according to the RBI data, the total number of debit cards issued by nine banks namely Axis Bank, ICICI Bank, State Bank of India, HDFC Bank, Punjab National Bank, Yes Bank, Central Bank of India, Kotak Mahindra Bank and Federal Bank, till the end of July was nearly 35,45,63,683 or 35 crores approximately, which is about 49% of the total number of cards issued in India.

As part of his JAM initiative (Jan Dhar, Aadhar and Mobile), PM Modi during Mann ki Baat in May 2016 said that the country should move towards becoming a cashless society. 

He had said, "I urge my fellow citizens to begin using the electronic modes of cashless transaction and illegal businesses will close down...transparency will come and black money will disappear. Through electronic means and usage of technology, we can both pay and receive money. There was a time when transactions happened through barter system. Then notes and coins came. Now, the world is moving towards a cashless society." 

Finance Ministry Arun Jaitley, too, during his Budget speech of 2015 spoke about moving towards a cashless society in order to curb black money. He had said, "One way to curb the flow of black money is to discourage transactions in cash... now that a majority of Indians have, or can have, a RUPAY debit card," the finance minister said while presenting the Union Budget 2015-16 in parliament."

The Government and Reserve Bank of India (RBI) has been working on ways to reduce cash transactions in Indian economy. Business Standard, in May, reported, "...formed a committee last month, of seven members, chaired by a ministry official, Neeraj Kumar Gupta. This group is looking at how to ensure the acceptance of card payments is increased. This will require more of point-of-sales (PoS) machines."

Can the Government curtail the issues related to this massive data breach in time or will PM Modi's idea of cashless India take a setback?