Security News Three million debit cards at risk after hackers raid Indian payment systems

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
It wasn't us, gov! Hitachi Payment Services denies its ATMs were pwned
A suspected security breach has led banks in India to warn 3.25 million customers to replace their debit cards or change the PINs.

National Payments Corporation of India (NCPI), the umbrella organization for the nation's retail IT systems, said customers at 19 banks were affected. We're told 641 people have been defrauded – approximately $200,000 has been taken, largely from cloned cards used in Chinese and US ATMs.


"Necessary corrective actions already have been taken and hence there is no reason for bank customers to panic," said NPCI CEO Mr Abhaya Hota. "Advisory issued by NPCI to banks for re-cardification is more as a preventive exercise."

The recall of RuPay, Visa and MasterCard debit cards has hit a slew of banks: State Bank of India, HDFC Bank, ICICI Bank, Yes Bank and Axis Bank. Early reports suggested the problem had been at the backend systems of Hitachi Payment Services (HPS), which runs a network of 48,000 ATMs and 230,000 sales terminals across the country, but the firm has denied this.

Your security is our priority. We regret the inconvenience caused & will be issuing new cards against all blocked cards at no extra cost. pic.twitter.com/SPK8BbSeHa

— State Bank of India (@TheOfficialSBI) October 19, 2016
HPS managing director Loney Antony told the Deccan Herald that some banks had reported compromised cards back in July. His firm had conducted an internal investigation and found nothing wrong. When the problems reoccurred in September – and in such numbers that a recall was ordered – HPS called in external auditors.

"We had appointed an external audit agency in the first week of September to check the security of our systems for any breach or compromise based on a few suspected transactions that were highlighted by banks for whom we manage their ATM networks," he said. "The interim report published by the audit agency in September does not suggest any breach or compromise in our systems."

Nevertheless, banks are advising their customers to not use third-party ATMs for the moment as a precaution and the card recall is going ahead. ®
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top