If you used an ATM machine in the past one month anywhere in the country, chances are that the details of your debit card were compromised, and you may lose the whole amount lying in your bank account.
As many as 32 lakh debit cards belonging to banks like SBI, Axis Bank, HDFC and Yes Bank are believed to have been hacked into through a malware that infested into the payment systems of Hitachi Payment Services, which operates the ATMs of Yes Bank across the country.
Though Yes Bank, in response to queries from Catch, denied any problems at its ATMs, saying: "Yes Bank has proactively undertaken a comprehensive review of its ATMs, and there is no evidence of a breach or compromise on Yes Bank ATMs.
"Yes Bank continues to work with relevant stakeholders, including other public sector and private banks, and NPCI (National Payments Corporation of India), to ensure utmost safety and security of its ATM network and payment services, which are completely safe to use."
An Axis Bank spokesperson also said: "The breach has occurred in the case of customers who have used certain non-Axis Bank ATMs. Over the last few weeks, Axis Bank has proactively reached out to the affected customers and advised them to change their Debit Card PINs. The Axis Bank ATM network is fully secured and customers should ideally use Axis Bank ATMs to change their debit card PINs."
A similar response was given by a Mastercard spokesperson quoted by Huffington Post: "We are aware of the data compromise event. To be clear, Mastercard's own systems have not been breached."
What can you do now?
In case you have already lost the money, most banks would not be willing to pay you the refund, as they may claim that the data breach did not happen in their own ATMs.
Though these are the initial claims of the banks and network providers, a detailed probe by the law enforcing authorities will be able to fix liabilities in a better way.
The Payments Council of India has already begun a forensic audit to figure out the responsible party whose systems were hacked, leading to this financial fraud.
However, in the meantime, as a consumer, here are the things that you must do immediately after reading this story:
1. Change your PIN: Customers of all banks except Yes Bank can immediately go to their own bank's ATMs and change their PINs. In the near future, there are chances that those ATM cards at the risk of having lost data will be replaced by their respective banks.
2. Give a call to your bank's customer care department: Ask the bank about each and every transaction that took place over the past two months. If there is any suspected transaction that you never undertook, report it to the bank and ask for clarity.
3. Use your own bank's ATMs only: Since the initial claims state that the Yes Bank ATMs operated by Hitachi have been breached, it is important that you use only your own bank's ATMs for any transactions.
4. If you're a Yes Bank customer: Speak to your bank manager immediately and ask him/her about any threat to using the bank's ATMs. However, as mentioned above, Yes Bank has officially stated its ATMs are completely safe.
Understanding the risks
Technology makes our day-to-day lives easier, but it comes with risks attached. The safest of the payment gateways can be hacked into by sharp hackers.
Recently, hackers stole over $80 million from Bangladesh's central bank, the Bangladesh Bank, from its account at the Federal Reserve Bank of New York, through a malware installed on the bank's computer systems.
According to Vijay Pratap Singh Aditya, a banking technologies expert, data theft on ATMs is 'easy' to do, even without the help of malware attack.
"A contractor who makes debit cards for all the banks or the core banking system as well could have been exposed. The banks will have to look into such possibilities as well," he said.
An report in the Business Standard said that about 70% of ATMs in India are running on outdated operating systems, which makes it easier for fraudsters to crack them. The report quoted Harshil Doshi, strategic security solutions consultant for Forcepoint, a data privacy and security company, saying: "Microsoft withdrew all support to Windows XP about two years back, but many ATMs still run on this OS, which makes them vulnerable to malware and frauds."
The Indian government is trying to encourage more and more people to use online and ATM-based transactions, to control the black money economy in the country. However, for more people to be able to trust these transaction platforms, it is important that banks use state of the art technology to ensure the safety of public money.
Moreover, it would be important for the government to fix liability on somebody to refund the customers' lost money.
Edited by Shreyas Sharma
More in Catch