Three financial institutions, including the BSE, have faced cyber attacks in the last three months. Several banks have faced an increase in some form of cyber attack or security breach in recent times.
Axis Bank recently informed the Reserve Bank of India (RBI) that it had experienced a cyber attack, while the State Bank of India said it was re-issuing over 600,000 debit cards because of a potential security breach.
In some of these, a virus or malware blocks the system, which can be accessed only after a ransom is paid.
“Software viruses were found in three personal computers at the BSE in August, which were identified, separated and quarantined immediately,” said the exchange.
“The viruses did not have any impact on the working of theBSE or any of its departments. The viruses have also not been found to have affected other PCs. The incident was reported to regulatory agencies as part of routine compliance reporting,” the exchange added.
Sources said similar attacks had occurred at the National Payments Corporation and HDFC Bank. However, HDFC Bank and NPCI said that they had not experienced any specific ransom malware threat.
Axis Bank has hired EY to investigate the cyber attack that it had experienced.
There have also been reports that ATM card details of several account holders may have been compromised. Several banks have asked their customers to change their card security details and to stick to their own ATM networks.
A survey on fraud in the financial sector by Assocham and PwC found these caused $20 billion (Rs 1.26 lakh crore) in direct losses annually. The RBI has said the number, frequency and impact of cyber attacks have increased manifold in the past few months. However, experts said in none of these cases has any financial loss been reported.
“The level of preparedness for cyber crime in India is very basic. Companies need to improve their response and detection capabilities,” said a cyber security consultant. The RBI has asked banks to increase focus on cyber security and is checking their preparedness to handle cyber fraud.
Axis Bank recently informed the Reserve Bank of India (RBI) that it had experienced a cyber attack, while the State Bank of India said it was re-issuing over 600,000 debit cards because of a potential security breach.
In some of these, a virus or malware blocks the system, which can be accessed only after a ransom is paid.
“Software viruses were found in three personal computers at the BSE in August, which were identified, separated and quarantined immediately,” said the exchange.
“The viruses did not have any impact on the working of theBSE or any of its departments. The viruses have also not been found to have affected other PCs. The incident was reported to regulatory agencies as part of routine compliance reporting,” the exchange added.
Sources said similar attacks had occurred at the National Payments Corporation and HDFC Bank. However, HDFC Bank and NPCI said that they had not experienced any specific ransom malware threat.
Axis Bank has hired EY to investigate the cyber attack that it had experienced.
There have also been reports that ATM card details of several account holders may have been compromised. Several banks have asked their customers to change their card security details and to stick to their own ATM networks.
A survey on fraud in the financial sector by Assocham and PwC found these caused $20 billion (Rs 1.26 lakh crore) in direct losses annually. The RBI has said the number, frequency and impact of cyber attacks have increased manifold in the past few months. However, experts said in none of these cases has any financial loss been reported.
“The level of preparedness for cyber crime in India is very basic. Companies need to improve their response and detection capabilities,” said a cyber security consultant. The RBI has asked banks to increase focus on cyber security and is checking their preparedness to handle cyber fraud.
About 30 lakh bank debit cards have come under threat after a security breach at a private bank's ATM raised fears of potential fraud, according to media reports. Though this is just about half a percent of total cards issued in the country, this could be the biggest security breach in the Indian banking industry, say reports.
About 30-32 lakh debit cards are learnt to have come under threat of potential fraud after a ATM security breach through malware infestation. According to media reports, the payment systems of Hitachi Payment Services were infested with malware that helped miscreants to steal personal information and do fraudulent transactions.The problem
Banks, cards affected
A report in The Economic Times says citing sources that cards issued by State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank as "worst affected". The cards, as per the report, include 2.6 million of Visa and MasterCard and 6 lakh of RuPay cards.
How the breach happened
The breach might have happened at YES Bank as Hitachi manages the bank's ATMs, says a report in The Times of India. The reason why other banks became vulnerable is because YES Bank ATMs see many third party transactions, says the report. What is worrisome is that the breach was effected in such a way that anyone using the bank's ATMs in the region would risk having data compromised, a PTI report said citing bankers.
"Data processes of one private bank was compromised which affected other banks' customers well. Customers who used that bank's ATM stand to get potentially affected," the PTI report quoted a banker as saying without naming the bank. Though the bankers claim the breach has not led to any monetary losses to anyone, the ET report says some customers have complained of unauthorized usage from China.
YES Bank on its part has "proactively undertaken a comprehensive audit of ATMs". "There is no evidence of a breach or compromise on ATMs. We continue to work with relevant stakeholders, including other public sector and private banks, and NPCI, to ensure utmost safety and security of ATM network and payment services which are completely safe to use," a bank spokesperson told the PTI.
Hitachi too has denied that its systems have been compromised. "I do not think it is necessary for any bank to reissue cards," Loney Antony, MD, Hitachi Payment Services, has been quoted as saying in the ToI report.
Steps taken by banks
The breach happened sometime between May and July. Banks have been alerting customers to change the security PIN or even replacing the cards. Bankers have told PTI that all measures being taken are to safeguard the system against any potential threat.
RBI steps
The PTI quotes an RBI official as saying that the central bank is seized of the matter and is looking into the issue. According to the Times of India, the infested systems have been quarantined and inspected, the affected cards have been spotted. The RBI has also asked banks to inform it about any suspected fraud immediately, the report said.
BY SAURABH GULATI
BY SAURABH GULATI
Despite NPCI(National Payment Corporation of India)for promoting and protecting financial transaction there is no reduction in cyber fraud specially in banking. Serious measure is needed.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteTo avoid such type of frauds banks should invest some money in taking protecting measures like anti skimmers can be installed , some biometrics devices may be used and EMV(EuroPay,MasterCard,Visa) and many more
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThese fraud are mailnly caused due to fraud institutions which make a fraud calls to the customers on behalf of their banks just to confirm their security pins and their card numbers and sometimes customers tell the details which becomes a major reason for breach
ReplyDeleteI agree with you kanika and would like to add that India needs a serious advancement in cyber security
ReplyDeletegeneral people must be warred about the fraud that took place with there bank,it they revival there bank details with an unknown person who's call them tell iam calling from the bank. they must know that bank never call for bank details.
ReplyDeletethis awareness can be created by street play, nukat natak.
ReplyDeleteMobile cyber security in India has become a cause of concern these days.Mobile phones are now proposed to be used for mobile banking and mobile governance in India.An electronic authentication policy of India can help in more active and secure mobile usages in India.
ReplyDeleteby gagan deep singh