Following close on the heals of the sensational news wherein an India based Call Centre duped millions from unsuspecting Americans posing as IRS, the Card breach is mind boggling. With over 32 lakh debit cards compromised in India’s largest banking security breach, the government today went into damage control mode, assuring customers that there is no cause for alarm and prompt action will be taken.
Finance Minister Arun Jaitley asked RBI and banks to submit a report on the issue.
However its surprising that Banks knew about the debit card security breach six weeks ago but did not take action. A greater alacrity and ethical reporting of the matter to police and banking regulator should have minimized its impact
According to the National Payments Corporation of India, as many as 641 customers across 19 banks have been duped of Rs 1.3 crore using stolen debit card data.
Even if disclosure is not in interest of bank, it is imperative for consumers to know what is happening with their bank accounts
The government asked regulator Reserve Bank of India (RBI) as well as banks to provide details of the data breach and also preparedness to deal with cyber crimes.
“Have sought a report in the debit card issue. The idea is to contain the damage,” Jaitley told reporters here.
Department of Economic Affairs Secretary Shaktikanta Das said a report has been sought on all aspects.
“There is no cause for alarm, the integrity of IT system of banks is robust and whatever action is required, the government will take promptly,” he told reporters here.
The government, he said, is seized of the matter and reports have been called from RBI and banks to know what exactly has happened.
A preliminary input “sort of report” has already come in and the government is awaiting further details from the final report, he said.
“After getting the report… whatever action is required, necessary action will be taken by the government,” he said.
Earlier, speaking on sidelines of a German government event, Das said, “Customers should not panic because these hackings are done through computer and trail can easily be reached… they should not be alarmed. Whatever action has to be taken, it will be done with speed.”
Of the debit cards affected, about 26.5 lakh are on Visa and MasterCard platforms while 6,00,000 are on RuPay. The breach reportedly involved some 90 ATMs.
While Visa and MasterCard, in separate statements, have stated that their own networks had not been compromised, Hitachi subsidiary Hitachi Payment Services, which manages some of the ATM network processing, was investigating the matter, including whether there was a malware problem.
It is not the first time that such data breaches have taken place. In early 2015, fraudsters were found to be using credit card data stolen from Target and Home Depot to create Apple Pay accounts. The fraudulent accounts were then used to buy big ticket items. In particular, Target has been under siege by hackers. After the last major data breach, the impact on sales was large and long lasting.
Data breaches have huge international ramifications and can even get exploited to malign companies and countries. Sony Pictures found out the hard way what can happen when you make a colossal mistake like storing passwords in a file on your computer called “password.” While the Sony incident was politicized as a U.S.versus North Korea issue, it has debilitated Sony’s financial viability from a business perspective internationally.
Quite simply, over the long run data breaches can have a severe strategic and financial impact on companies. Data beaches are – and should be – considered as a paramount strategic issue in the digital age.