In biggest ever security breach of over 32 lakh debit cards of various banks, several banks have recalled a large number of cards while others such as, HDFC Bank, have urged customers to change their PINs (personal identification number) before using them.
Bankers said the recalled cards include those that have been replaced as a 'pre-emptive measure', while in many cases the customers have been asked to mandatorily change the PIN and other security numbers to resume using the blocked cards.
Meanwhile, the government today sought to calm people down by saying that the compromised debit cards constitute only a small number of the total such cards which are "completely safe" and there was no need to panic.
"Only about 0.5 per cent of total debit card details were compromised while remaining 99.5 cards are completely safe and bank customers should not panic," Department of Financial Services Additional Secretary G C Murmu told PTI.
While there were some reports about certain cards, affected by security breach, having been used fraudulently abroad including in China, bankers appeared putting the blame on a payment services provider that manages ATM network of a private sector bank.
State-run SBI is said to have re-called around 6 lakh cards, while others like Bank of Baroda, IDBI Bank, Central Bank and Andhra Bank have also replaced debit cards of several customers as a pre-emptive measure.
Among the private sector players, ICICI Bank, HDFC Bank and Yes Bank have asked customers to change their ATM PINs.
HDFC Bank also advised its customers to use its own ATMs for carrying out any transaction.
The suspected security breach happened through a malware in the systems of Hitachi Payments Services, which serves ATM network of Yes Bank.
Hitachi provides payment services through ATM services, point of sale services (POS), emerging payments services and banking channel products like cash recycling ATMs and auto passbook entry machines.
Yes Bank sought to distance itself from the breach and stressed on need to police service providers in a better way.
"There needs to be a lot more vigilance where there are outsourcing partners to make sure they don't endanger the delivery and system risk, and there's a fair amount of policing as far as outsourcing risks are concerned," Yes Bank chief Rana Kapoor told reporters.
According to bankers, the breach took place in such a way that anyone using the said bank's ATMs in the region might stand to get affected.
Concerned over the issue, the Finance Ministry has sought details from banks as also the additional steps that need to be taken to avert such incidents.
According to the Ministry sources, the Department of Financial Services has sought information about implication of such data compromise from Indian Banks Association.
In a statement, NPCI today said the complaints of fraudulent withdrawals so far have come from 641 customers and the total amount involved is Rs 1.3 crore as reported by various affected banks.
There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed RuPay cards while the rest are Visa and Master Card enabled.
(With inputs from PTI)