Debit card breach: Malware compromised our systems, says Hitachi Payment Services
The company said it could not determine how much data had been compromised by the malware.
The data breach in India’s banking system, which affected nearly 32 lakh debit cards in 2016 was caused by a security compromise at Hitachi Payment Services’ systems, the company said on Thursday. In a statement, Hitachi said a malware injection in mid-2016 caused the breach in its systems and that the malicious software was able to “work undetected” while trying to make itself untraceable, Mint reported.
The company also said that it could not determine how much data had been compromised by the malware. “Hitachi Payment Services regrets the inconvenience caused to banks and its customers due to this lapse in its security infrastructure,” the company’s Managing Director Loney Anthony said.
Hitachi’s acknowledgement came a day after information security specialist SISA Information Security Private Limited completed an audit of the company’s systems, Business Standard reported. SISA confirmed that the malware captured the debit card numbers and PINs of customers who used their cards at ATMs affected by it. However, banks managed to contain losses by blocking the cards affected and advising their customers to change their PINs.
“The reason why such cyber attacks are happening today is because of the ineffective implementation of the payment security standards,” SISA Chief Executive Officer D Shanthamurthy said. “With demonetisation, and with an increase in the number of digital payments, such attacks are going to get worse,” he added.
Nineteen banks and 641 customers had complained of fraudulent withdrawals amounting to Rs 1.3 crore, the National Payments Corporation of India had said on October 21, 2016. At least 32 lakh debit cards were compromised because of the breach, which was first reported only after several customers complained to banks that their cards had been used in China at various ATMs and point of sale terminals. The Centre had said that it would take action against the perpetrators.