Payment Card Industry (PCI) Security Standards Council, the international standards body for the payments industry, has called for breach notifications across all banks and payment companies, reports the Times of India. Jeremy King, international director of the body, told the publication that without these breach notifications, most people think frauds are not happening and pretend that they were never breached. Banks and organisations, on the other hand, accept the loss.
King’s comments take significance with last year’s security breach where more than 3.2 million debit cards were suspected to be compromised. The National Payments Corporation of India (NPCI) said that the complaints of fraudulent withdrawal were limited to cards of 19 banks and 641 customers and the total amount involved was Rs. 1.3 crore. At that, time customers were desperately trying to figure out why their cards were blocked as the banks did not provide information about the breach.
Earlier this month, Hitachi Payment Services confirmed that a malware on its system caused the breach of financial data last year. Around 90 YES Bank’s ATMs and POS machines were targeted by the malware which resulted in card details of State Bank of India (SBI), ICICI Bank and HDFC Bank customers stolen.
King added that the risk to the payments industry could also come from anywhere personal data is stored. He added that telecom data could be hacked to access bank details as well. King also pointed out that there is an increasing trend where people are moving away from cards to account-to-account transfers.
Last month, The Reserve Bank of India set up the Reserve Bank Information Technology Pvt Ltd (ReBIT) to take care of its IT requirements, including the cyber security needs of the bank and its regulated entities. The RBI’s regulated entities include banks, NBFCs, wallets, ATM operators and payments banks, and as such, ReBIT will be responsible for ensuring cyber security enforcement of almost all online and digital transactions.
SWIFT breach: Last year, the SWIFT network (Society for Worldwide Interbank Financial Telecommunication) warned banks across the globe to comply with security procedures instituted after this year’s $81 million online bank heist at Bangladesh Bank. According to the agency, cyber-theft attempts have increased since the attack on the Bangladesh central bank, resulting in fraudulent payment instructions compromising customer accounts. Some of these thefts have been successful, although it did not specify how much money was stolen or from which banks.