Security glitch in State Bank of India debit-card

THIRUVANANTHAPURAM: A  software engineer here has detected a major security glitch in the State Bank of India’s debit card / ATM card- based online payment facility.

Though the matter was reported to the bank authorities about three weeks ago, no corrective measures have been taken yet.

M.S. Anoop, who detected the glitch,  said that anyone with minimum software knowledge could  tamper with the one-time password provided he got the basic details that are visible on all bank cards -  debit card number, expiry date of the card and the security code.

However, the same glitch is not there in the credit card or internet banking- based online shopping facilities of the  bank.

When DC brought the matter to the attention of the SBI officials, they maintained that they had not come across any such security glitch.

“So far,  our technical team has not noticed any loophole in the payment gateway and we are confident of our system. Anyway we will look into it,” said an SBI spokesperson.

Though Anoop demonstrated the security glitch to DC, the technique is not being published considering the security risk involved.

“I came across this glitch accidentally and then tried it with some of my friends’  SBI debit cards too. Even then the glitch was there. Though I tried the same technique with a couple of other bank cards, the glitch could not be found,” he said.

As soon as he noticed the glitch on April 1, Anoop informed the matter over an e-mail id chairmansbi.customer@sbi.co.in that was available on the SBI website and offered to share the details of the glitch in person as sharing the technique over e-mail also involved an element of risk.

“They might have ignored my alert as I sent it on the fools’ day!,” laments Anoop, who is working as technical lead in GDS Technologies here.