India’s Big Debit Card Fraud: Beware, This Is Just the Beginning!

Recently, more than 3.2 million debit cards were reported to have been breached into by hackers, and what will concern you the most, is the manner in which the infiltration occurred.

ATM machines serviced and maintained by Hitachi Payment Systems, were compromised by a malware, infecting more than 50 ATMs in the country. This resulted in many account holders of HDFC, ICICI and Axis Bank among others reporting fraudulent money withdrawn from their account.

While this may not have caused a nationwide outcry, it’s hard to deny that the crux of the matter revolves around the current state of digital security. We quickly need to find a fix to safeguard our financial institutions and its supporting cast.

And with India slowly moving to the digital payments arena post demonetisation, cyber experts warn that incidents bigger than this could hit our banks and finances soon.

As scary as it may sound, if by 2018, our ATM machines are still found running on the outdated Windows XP, then we have no one else to blame but us.

70 percent of 2 lakh ATMs in India still run on Microsoft’s Windows XP operating system 

Anand Ramamoorthy, Managing Director, Intel Security, South AsiaIn banks, a breach can happen at multiple levels – like at an ATM, data centre, server network or through mobile banking. The ATM today is an easy target for hackers. 

The lack of security at ATMs have been pointed out time and time again by experts of the domain, but we’re yet to see anything materialise that helps users feel confident about their money lying in the banks.

Nilesh Jain, Country Manager - India and SAARC, Trend Micro The strength of malware has increased over the past year or two. It is hard to keep a track of how quickly these evolve. This is where banks fail to catch up. 

Who to Blame?

In the case of debit card breach, as this Livemint report points out, Yes Bank ATMs serviced by Hitachi Payment Services have reportedly faced the brunt of the malware breach.

In its defence, Yes Bank had refuted those charges in the same report, but a problem nevertheless has popped up in front of everyone.

Ethical cyber expert Yes Bank ATMs are said to be serviced and maintained by Hitachi Payment Services. The bank is answerable for the issue to the RBI, and hopefully this won’t cause panic situations.

He feels that an attack on bigger banking institutions cannot be ruled out, especially when people’s money is slowly shifting to digital platforms.

Ethical cyber expertSince the root of attack comes from ATM machines of Yes Bank, the reported number of debit cards breached is 3.2 million. The damage could have been lot bigger 

He feels that the malware infected on the system could have entered physically by misuse of system, or by gaining remote access to the system.

Kartik Shinde, Partner, Ernst & YoungThe cyber attack could have occurred because of an internal compromise. Someone might have opened an email with an attachment that could be the source of the malware. 

Shinde believes that banks need to adopt stringent policies to tackle such attacks. They should focus on doing due-diligence of the parties involved and restrict control of third party companies like Hitachi Payment services.

Globally, we have seen large-scale heists done in the recent past. More than $80 million was stolen from Bangladesh Bank’s hacked computers, wherein payments are made via Society for Worldwide Interbank Financial Telecommunication (SWIFT).

Kartik Shinde, Partner, Ernst & YoungIncidents of heists have happened before, and will continue to occur in the future. With use of mobile devices increasing in the country and Internet of Things (IoT)-linked payments on the horizon, safety measures need to be taken at the earliest.

All of this does sound scary, but with cause for optimism, Shinde and co highlight that banks need to improve its detection and response systems. Doing so, could help them avert a financial disaster that could have its ripple effect globally.