Card data breach on account of 3rd party processor: Banks

Several lenders, including ICICI Bank and HDFC Bank, told stock exchanges that debit card data security breach was on account of third-party payment processor and the amount involved was not material.
Banks also told BSE and NSE that they have taken appropriate steps on their part to deal with data compromise, besides reporting the matter to the payment gateways network companies NPCI, Visa and Mastercard.
"There was no breach incident within the control of ICICI Bank... We are reliability given to understand that the alleged breach occurred due to security protocols being compromised at ATMs of a particular bank," the bank said in a clarification to the exchanges.

The clarification is with the regard to 32.14 lakh debit card data compromise in which case 641 customers were duped of Rs 1.3 crore using stolen debit card data.
ICICI Bank further said the incident relates only to a small segment of customers of ICICI Bank who used the other bank ATM.
HDFC Bank said, "There has been no breach of HDFC banking system and the incident is an outcome of possible compromise at the third-party payment processor. The impact for HDFC Bank is limited owing to various steps taken by the bank (both proactive and reactive)."

HDFC Bank further said it has not reported the matter to the stock exchanges as "there is no breach at our end and also there is no material impact due to the incident".

The exposure owing to the incident was Rs 17 lakh from 29 customers who have been immediately compensated for the disputed amount and the bank has covered the same through insurance, it said, adding that the bank also reported the impacted cases to the Reserve Bank in September itself.
ICICI Bank said it has taken steps to preserve the interest of its customers and continues to pursue the matter for enabling effective remediation through authorised channels.
"We understand that investigations are still continuing and the interest of investors would be best served if the bank concerned issues a proper explanation," ICICI Bank added.

Earlier in the day, stock exchanges BSE and NSE sought clarifications from 5 banks -- SBI, ICICI Bank, HDFC Bank, Axis Bank and Yes Bank on the debit card data breach issue.
Taking cognisance of the gravity of cyber security, the Parliamentary Standing Committee on Finance headed by Congress MP Veerappa Moily, which is scheduled to meet tomorrow, has asked officials from the finance ministry, the corporate affairs ministry and various banks to appear before it.
Representatives of State Bank of India, HDFC Bank, ICICI Bank and Yes Bank have been asked to brief the panel on "security-related issues concerning payments in the banking sector", according to a Lok Sabha secretariat notice.

The Reserve Bank of India has also initiated forensic audit to investigate the entire matter.