The Reserve Bank of India on Monday emphasised an early implementation of Cyber Security Framework in banks so that the possibility of incidents such as the ATM/debit card data breach happening in the future is minimised and in the event of such incidents, containment measures are taken immediately.
This message was conveyed to senior officials from select banks who attended a meeting convened by the RBI to review the steps taken by various agencies to contain the adverse fallout of certain card details alleged to have been compromised. The meeting was also attended by officials of the National Payments Corporation of India and card network operators.
In June, the RBI had asked banks to immediately put in place a cyber-security policy elucidating the strategy containing an appropriate approach to combat cyber threats given the level of complexity of business and acceptable levels of risk, duly approved by their respective Boards.
The RBI, in a statement, said it had come to its notice on September 8, 2016, that details of certain cards issued by some banks had been possibly compromised at ATMs linked to the ATM Switch of one of the service providers. The issue is currently being investigated by an approved forensic auditor, under the PCI (Payment Card Industry)-DSS (Data Security Standard) framework.
“The number of cards misused, as per currently available information, is few. As a matter of abundant precaution, card network operators concerned were earlier advised to share the details of cards used during the period of such exposure.
“Based on this, banks have been taking necessary remedial action to avoid any potential abuse of such cards in future by unscrupulous elements and to protect the interest of their customers,” said the statement.