 "SISA alerts banks about malware attack; asks to reset server passwords")
Security firm Sisa on Tuesday warned all banks and payment processors to reset passwords for employees with access to payment servers. The advisory comes after it discovered that hackers had managed to insert malicious software into the payment switch server of an unnamed bank.
A malicious script (software code) has been injected into the payment switch application server — the hub which communicates with payment networks, a Sisi spokesperson told TOI.
What damage can the malware cause
* The malicious software can collect payment card data (including card number, expiry date, CVV and other customer information)
* This information can be used to clone cards, conduct transactions
* The software can enable transactions by sending a fake response to the payment network. The fake responses ensure that no details of the incoming transaction request or outgoing transaction response are logged in the switch application logs.
Solution
— Payment banks, banks can reset passwords for employees with access to payment servers
— Use two-factor authentication for providing access
Sisa has not yet confirmed whether customer accounts have been compromised or not.
India’s biggest debit card data breach
SISA, a payment security firm, investigated India's biggest debit card data breach in 2016. The breach affected nearly 3.2 million debit cards in 2016, was caused by a malware injection in its systems. SISA confirmed the malware captured both the debit card number and PIN of customers who used their cards at the affected ATMs. However, financial losses were contained because the card issuing banks blocked cards and advised some customers to change their debit card PIN.
“The reason why such cyber attacks are happening today is because of the ineffective implementation of the payment security standards. Organizations need to pay a lot more emphasis to this than they currently do. It’s not the check-the-box approach which has been traditionally followed,” Dharshan Shanthamurthy, founder and CEO of SISA, said.
“This happened to be one such incident. With demonetization, and with an increase in the number of digital payments, such attacks are going to get worse,” he warned.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%