The Finance Ministry has said that bank customers need not “fear” or be unduly worried over the recent episode of debit card data breach. But, bank customers would do well to follow the “hygiene” factors prescribed by National Payments Corporation of India (NPCI) and the card-issuing banks.
“As of now, I see no reason for them (bank customers) to panic,” Anjuly Chib Duggal, Secretary, Financial Services, said when asked about the recent data breach episode.
She also did not see the data breach reports impacting the government’s quest to usher in a cashless economy in the country.
Ever since reports of possible data compromise of 3.2 million debit cards surfaced, several bank customers with debit cards are “apprehensive” about using their cards at automated teller machines (ATMs), fearing hacking of their accounts by unscrupulous elements.
Till end-July, nearly 69.7 crore debit cards were in force, Reserve Bank of India data showed.
Forensic auditDuggal made it clear that the data breach had happened only in respect of debit cards and not credit cards as is being perceived in certain quarters. She also said that the report of SISA, a payments security specialist, is expected to be submitted in the first fortnight of November. SISA is conducting a forensic audit of the data breach.
Duggal felt that it may not be right to infer that the entire 3.2 million debit cards have been compromised. She said that “preventive” steps have been taken in respect of these cards and that only 641 bank customers have so far made complaints of fraudulent activity.
Banking regulator RBI has so far refrained from making public statements on the reported data breach, which happened a few months back.
In recent months, the RBI has been taking steps to improve customer awareness on cyber security issues. The central bank had also come out with a draft circular on limiting the liability of customers in unauthorised electronic banking transactions.
At the recent meeting that Finance Minister Arun Jaitley had held with chief executives of banks, a detailed presentation was made on how the government was tackling the issue of cyber security in banks. The NPCI, a few days back, had stated that card users should exercise caution and be compliant in certain respects.
Some of the hygiene factors spelt out include requiring the customer to register his/her mobile number and email ID with the bank. This would enable a customer to get instant notification of debit/credit to one’s account, NPCI had said.
Bank customers have been advised not to share their card PIN or mobile PIN or internet banking password with anyone. “Beware of fraudsters who claim to be staff from the bank. Please note that no bank asks for PIN or password,” NPCI had said.
NPCI has also urged bank customers to memorise their debit card PIN and not write them at the back of the card or anywhere.
“Also, cover the ATM key pad with your palm while entering your PIN. Do not allow anyone else to enter your debit card PIN. Never give your card details or bank details to anyone over the phone.
“Check your bank account statements regularly. Change your ATM PIN and online passwords at regular intervals,” said a top NPCI official.
Bank customers have also been advised to report to their bank any fraudulent use or loss of their card.