With around 32 lakh debit cards of several banks being compromised at one bank’s ATMs, India may be facing its biggest cyber bank fraud. Experts feel this debit card breach, which may have occurred a few months ago, has been contained and its impact is minor as only 641 people complained of unauthorised sums being charged to their accounts, that adds up to over Rs 1.3 crore. But the scale of the breach should be a warning of how the banks’ data infrastructure can be compromised and stolen. There are reports that Pakistani cyber criminals may target Indian banks, perhaps even with official blessing given the current climate.
No one knows whose card details have been stolen and cloned, therefore millions of Indians (given that there are 7.12 crore debit cards issued in India) are worried, particularly as it is possible in this country to use one bank’s card in the ATMs of different banks. It would be wise for everyone to change the PIN on their cards. There are other precautions to take, like linking a card to a mobile number to get alerts in case of every transaction, that all Indians don’t do. Everyone is not a cyber security expert, but all must follow a series of instructions and precautions on how to use ATMs and be able to spot the vulnerable ones, particularly in remote locations, that may be more open to skimming frauds by criminals.
The Reserve Bank expects all banks to have a more robust cyber security policy framework. So far, what we have is a system copied from the West, which reacts well after the event, though it must be said that the Indian method of a pre-transaction/pre-sale two-step verification process is twice as safe as it is abroad. In facing such scams of stealing or leaking of data, users must be aware that the thief has to get lucky just once, while the system has to be lucky every time. To stay one step ahead of criminals and scamsters who sell card data internationally is a huge challenge. Is there a way to bring the two-step authentication into ATM transactions?
Malwares sneaking into ATMs can be damaging enough, but what master criminals really aim at is point-of-sale machines where millions of credit and debit cards are used by shoppers buying goods and using services. The need for standard forensic audits in banks right through the year has been stressed by experts as a basic firewall to put up against fraud. Not only banks, but everyone who collects data in the course of business, must be made accountable for the safety of their infrastructure as well as the data itself. This is a huge task if we are to move towards becoming a cashless society.
