Insights & Analyses

Massive financial data breach in India affects up to 3.2 million debit cards – One World Identity

October 20, 2016

A number of banks in India have been hit by financial fraud due to malicious software, requiring users to change their security codes or even replace their cards to prevent unauthorized usage.

In all, some 3.2 million debit cards could be affected, according to India’s Economic Times, from institutions including State Bank of India, HDFC Bank, ICICI Bank, YES Bank, and Axis Bank.rupay_debit_card_issued_state_bank

Most of the stolen cards — 2.6 million — are on Visa and MasterCard platforms, while the remaining 600,000 were RuPay, though those specific systems were not breached.

Instead, the point of theft is believed to be malware in
stalled on units from Hitachi Payment Systems — a company that provides ATM, point of sale and other debit card machines. The malicious code was said to have been installed for as long as six weeks before it was finally detected.

Unauthorized use of the cards was said to have come from China.

The emerging market of India is one of the largest financial opportunities on the globe, with some 700 million debit cards currently in use, according to the Reserve Bank of India.

Credit card companies and banks have been working to make simple fraud with stolen PIN numbers an issue of the past, largely through a switch to EMV chip cards that are more secure.

Tap-to-pay services like Apple Pay and Android Pay also use tokenization and biometric verification methods to make credit card theft and fraud virtually impossible, obscuring the user’s account information and verifying their identity before a transaction can be completed.