CHENNAI: As a virus or malware infection compromised millions of debit cards across the country, cyber experts and affected customers blamed the banking institutions in India of not having formulated a policy to keep a check on cyber attacks. Cyber experts also asked customers not to ignore any message from the bank asking them to visit their branch or nearest ATM to change their debit card pin.
Millions of people got a shocking text message from their banks that said their savings or current accounts could have been compromised and hence they should change the transaction pin. "I have always felt insecure about online transactions and using debit cards. I never understood the process and today what I feared the worst has happened. I was shocked to read a message from my bank asking me to change my ATM pin. What kind of security they have? How do banks claim that our money is safe when they can't ward off a cyber attack?" asked an angry customer, Arunima Singh, who holds a savings account with a leading private bank.
Leading cyber security expert J. Prasanna echoes Ms Singh's fears and alleges technically all banks (in India) are vulnerable to cyber attacks in the absence of a proper policy. "The policymakers don't understand the seriousness of the problem. I, as (cyber security) auditor, have been warning the banks to reframe their security policies. But that has fallen on deaf ears. None of the current procedures of the banks including the RBI, GoI or the MoF can protect the data," added Prasanna.
Holding that the vulnerability still exists in every bank, Mr Prasanna says the institutions close their eyes and when it comes to auditing, they stipulate what should be audited. "It's a pity that the public or bankers think that since the systems are internally linked, they are not susceptible to attacks. But fraudsters are always smart," he said and warned that in the future economy would collapse if the issue was not addressed immediately.
Another expert, who did not want to be named, says the banks and the government should enact policies and ensure that such attacks don't recur. Of the debit cards affected, 2.6 million are on Visa and MasterCard platforms and as a precautionary measure; banks have sent text messages and e-mails to their customers asking them to change their pins. "The banks cannot just get away with this; they need to be made accountable. Many people have their entire savings in the bank," Naveen Kumar, a software professional, who also received a message, says. The suspected security breach happened through a malware in the systems of Hitachi Payments Services, which serves ATM network of several banks.