No need to panic, debit cards are safe: Finance Ministry

New Delhi: Seeking to calm worried customers following feared security breach of over 32 lakh debit cards of various banks, Finance Ministry today said they constitute only a small number of the total such cards which are “completely safe”, with no need for panic.

“Only about 0.5 per cent of total debit card details were compromised while remaining 99.5 cards are completely safe and bank customers should not panic,” Department of Financial Services Additional Secretary G C Murmu told PTI.

There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed RuPay cards while the rest are Visa and Master Card enabled.

Since the data compromise has taken place from specific machine and specific time period, so it is just a limited issue and banks have asked their affected customers to replace their card or change PIN, he said, adding that other cards are not affected at all.

A Canara Bank message to a customer said: “In view of security reasons…Please change the ATM pin immediately. In case not adhered to, we will be blocking the existing card on 21-OCT-2016.”

Murmu said data of the users who have transacted from ATM machines of Hitachi have been compromised during the month of May, June and July.

The Hitachi ATMs, he added, deployed by many White Label ATM players and Yes Bank were impacted by the malware while usage at other ATMs were completely secured.

As far as financial loss is concerned, there is minimum impact as reports on losses due to this is being collated.
The genesis of problem was receipt of complaints from few banks that their customer’s cards were used fraudulently mainly in China and USA while customers were in India, NPCI said in a statement.

Apprehending that this could be a case of card data compromise, all the ATMs / PoS terminals in India and three card networks – RuPay, Visa and MasterCard worked in a collaborative manner in the month of September 2016.

It was established through the analysis post such frauds were reported that there was a possible compromise at one of the payment switch provider’s system. Based on the analysis, NPCI and other schemes identified the period of compromise and the possible card numbers which could have been compromised during that period.

Though there were no complaints from any of the RuPay cardholders, NPCI as a domestic utility for ATM payments has taken the lead role for proactive steps in discussing the matter with various banks and card networks.