Security breach: SBI blocks over 6L debit cards


1 Jun 2013
Reaction score
Pune: In one of the biggest card replacements in Indian banking, State Bank of India has said that it will re-issue around six lakh debit cards to customers, which have been blocked following a malware-related security breachin a non-SBI ATM network.

"It's a security breach, but not in our banks' systems. Many other banks also have this breach — right now and since a long time," Shiv Kumar Bhasin, SBI's chief technology officer (CTO), told TOI, adding that customers who used their cards only at SBI-run ATMs have not been affected by this. "A few ATMs have been affected by a malware. When people use their card on infected switches or ATMs, there is a high probability that their data will be compromised," Bhasin said.

Several customers of the bank have found their ATM cards to be blocked. SBI has informed branches about the cards being blocked and fresh cards would be issued to customers. "Customers need not panic. They can either approach their branch, call up phone banking or use the internet for 're-carding'. They can also set their PINs from their homes using internet banking," Bhasin said.

Last month, Yes Bank had confirmed that its ATM network manager Hitachi Payments was reviewing its network to rule out any compromise. Hitachi had initiated a detailed audit of their systems through a certified agency SISA. "Preliminary reports of the audit conducted have been submitted... and the report does not establish any system-level breach at Hitachi Payment Services," the bank said.

At present, the RBI does not require banks to report to the public any security breach in their network. "Banks whose ATMs have been infected must come forward and declare those infected ATMs. The onus is on them to stop this," Bhasin said, without naming the banks. He added that until the problem is addressed customers who use their cards in the ATMs of affected banks will continue to be at risk.

A branch manager in Pune confirmed that the bank has blocked a few of its customers' cards. She also said that the bank has sent SMSs to customers informing them that their card was blocked. However, affected customers were largely clueless about this development. "I had come to Delhi, from Punjab, on Monday and discovered my card was not functioning. When I called the bank, they said I will have to come to Mumbai [my home branch] and re-apply, or transfer my account to Delhi — which will take a fortnight — and then the new card would arrive in seven days," said Ankur Jaiswal, a researcher and SBI account holder.

Nidhi, a teacher, was also caught unawares on Saturday when she swiped her card at a merchant in Delhi. "I then tried using my card at other bank's ATMs and it (still) would not function. When I approached my branch later, they told me to re-apply, and that it (blocking of the cards) is happening countrywide," she said.

According to numbers on RBI website, as on July 2016, there were 20.27 crore active debit cards from SBI. At the same time, SBI's associate banks had a total of 4.75 crore active debit cards. The cards that were affected, and subsequently blocked, comprise about 0.25% of this.

Across many circles

“In the past 3-4 days, we saw some unidentified and suspicious transactions at some ATMs and hence the cards were blocked immediately. The cards have been blocked across many circles,” a SBI branch manager in Mumbai said.
SBI customers appear not to be the only victims of this ATM scam. “The damage has been done to many other bank debit cards, including foreign and private banks. This happened a month ago and we saw some data of customers being compromised. With such large number of cards involved, we thought it was better to replace the cards entirely. Largely the cards were magnetic-based,” said an SBI general manager handling the cards portfolio.

 “About 0.25% of our cards have been blocked. We came to know that some of our customers have used them at some virus-infected ATMs. These were white label ATMs operated by Hitachi payment services,” said Shiv Kumar Bhasin, chief technology officer at SBI, without elaborating.

SBI blocks 6.25 lakh debit cards after ‘suspicious’ transactions spike | business-news | Hindustan Times
Security breach: SBI blocks over 6L debit cards - Times of India
30 lakh debit cards exposed to suspect ATMs?

MUMBAI: Close to 30 lakh debit cards are understood to have been used in ATMs that are suspected to have exposed card and PIN details to malware at the back end.

While State Bank of India (SBI) has decided to reissue debit cards to six lakh customers who had used their cards at suspect networks, other banks are asking customers to change their ATM PIN. They are also blocking international transactions that can be conducted without PIN
30 lakh debit cards exposed to suspect ATMs? - Times of India
Oh teri .. 2 days back i used my debit card on Canara bank ATM machine ??
Top Bottom
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock