Debit card data breach: SISA to submit forensic report by October 31

As many as 32.14 lakh debit cards are feared to have been 'compromised' by cyber malware attack

Bengaluru-based payment security specialist firm SISA, which has been authorised by the Reserve Bank to conduct forensic audit into the recent debit card data breach, is expected to submit its report in the next 2-3 days.

SISA is expected to give its report to RBI on October 31, sources said.

"This will give us exact picture of the entire incidence. It will give us lead as to where hacking or compromise took place," the sources said.

As many as 32.14 lakh debit cards of various public and private sector banks are feared to have been 'compromised' by cyber malware attack in some ATM systems.

The Hitachi ATMs deployed by many white-label ATM players and Yes Bank were impacted by the malware while usage at other ATMs was completely secured.

Several banks, including state-owned SBI, have recalled a number of cards while many others blocked the ones suspected to have been compromised and asked their customers to change PIN (personal identification number) before use.

Fraudulent withdrawals have been reported from 19 banks so far while complaints have been received from a few banks that their customers' cards were used fraudulently abroad, mainly in China and the US, while the customers were in India.

RBI, in a statement, earlier this week had said it came to its notice on September 8 that details of certain cards issued by some banks had been possibly compromised at ATMs linked to the ATM Switch of one of the service providers.

"The issue is currently being investigated by an approved forensic auditor, under PCI-DSS framework (Payment Card Industry Data Security Standard)," it had said.

It further said the "number of cards misused, as per currently available information, is few".

As a matter of precaution, card network operators concerned were earlier advised to share the details of cards used during the period of such exposure, it said.

The Reserve Bank further said banks have been taking "necessary remedial action to avoid any potential abuse" of such cards in future by unscrupulous elements and protect the interest of their customers.