Indian banking system is shaken by the recent massive data breach involving approximately 3.2 million debit cards. This is the biggest-ever financial data breach the country has experienced to date. Banks have received complaints from customers on fraudulent usage of their card, mainly in China and US while they were in India. Customers from 19 leading banks were reportedly affected by this malware-related security breach; of which State Bank of India, ICICI Bank, HDFC bank, YES Bank and Axis Bank have been the worst hit.
Banks have been alerted by all the card networks. Of the data stolen, 2.6 million debit cards are on Visa and MasterCard platform and 6 lakh are on India’s own RuPay Platform. As per National Payments Corporation of India (NPCI) the number of complaints received is about 150 and about 90 ATMs have been compromised.
The extent of financial loss and the quantum of risk due to the breach are yet to be ascertained completely. However, most of the affected banks have already asked their customers to change their ATM PIN and replaced debit cards of the affected customers as precautionary measures. A leading player, State Bank of India has already re-called around 6 lakh cards of possible affected customers and is also in the process of reissuance. Many biggest private players have blocked and replaced the debit cards of their affected customers as a pre-emptive measure.
So, while agencies investigate the matter, we are going to share some dos and don’ts that can help you protect your cards.
- Change your ATM PIN Regularly: Almost all the affected banks have already sent out an SMS or email to their customers asking to change the PIN as it’s a mass data security breach. Never ignore your banks advice to change the password. It is always a best practice to change your passwords once in 3 to 6 months for protection of your account. It’s also important to not re-use the old PIN’s to avoid any unauthorized access to your account.
- Memorize your PIN: Never write your password on your debit card. Ensure to keep the card and PIN separately. It’s even better to keep the PIN stored in your memory instead of writing it in a piece of paper or in your phone memo.
- Transact Online only at Reputed Online Merchants: It’s better to transact online with the known and reputed merchants. Never allow the browser to remember your password as it’s an important security component. To avoid online frauds, always prefer to type your internet banking URL while transacting online.
- Monitor your account regularly: Keep checking your accounts and transaction in your net banking on a regular basis. If any suspicious transactions are noticed, instantly report to your bank.
- Don’t have “Easy-to-guess” Passwords: Never keep easy to guess passwords like your date of birth, car registration number or house number. Always cover your keypad with your hand to stop anyone from seeing the PIN
- Never Share your PIN with Anyone: Don’t ever share the important information related to your card such as card number, CVV, OTP, PIN, expiry date or URN with anyone, not even with the bank employee or to your relatives. Sharing such details could put you in trouble by increasing the chances of unauthorized access to your financial data.
But if you do fall or have fallen victim to the hack, don’t lose hope. Be proactive in reporting any loss to the bank immediately for them to act upon it. According to RBI, if the fraud is due to the failure of bank’s security system, then the bank is liable to bear such losses.