Debit and Credit Card Data Breach

The Reserve Bank of India convened a meeting today with senior officials from select banks, National Payment Corporation of India and card network operators to review the steps taken by various agencies to contain the adverse fall out of certain card details alleged to have been compromised.

It has come to the Reserve Bank’s notice on September 8, 2016 that details of certain cards issued by a few banks had been possibly compromised at ATMs linked to the ATM Switch of one of the service providers. The issue is currently being investigated by an approved forensic auditor, under PCI-DSS framework.

The number of cards misused, as per currently available information, is few. As a matter of abundant precaution, card network operators concerned were earlier advised to share the details of cards used during the period of such exposure. Based on this, banks have been taking necessary remedial action to avoid any potential abuse of such cards in future by unscrupulous elements and to protect the interest of their customers. Banks have taken measures including advising the customers to change PIN, blocking payments at international locations, reducing the withdrawal limits, monitoring unusual patterns, replacing the cards and  re-crediting the accounts of cardholders for amounts wrongly debited.

The Reserve Bank urges the cardholding bank customers that it is a good practice to change the PIN and passwords periodically and not to share them with anyone for any reason. Banks do not ask for card or account details from their customers, hence, customers may exercise caution and not reveal such information to any person on phone or email.

The Reserve Bank of India has already issued instructions to banks vide Circular dated June 2, 2016 on Cyber Security Framework in Banks. Banks have once again been advised to review the extant cyber security arrangements. RBI has emphasized an early implementation of this framework so that (i) possibility of such incidents happening in future is minimised and (ii) in the event of such incidents, containment measures are taken immediately.

RBI Press Release : 2016-2017/1014