A large-scale payment cards breach has occurred which has compromised a total of 3.2 million cards issued by several large banks in the country.
This is one of the biggest payment card breaches in India
A large-scale data breach has been reported in India which affects 3.2 million payment cards. The officials report that hackers were able to compromise a lot of POS systems with malware which have resulted in the attack.
An investigation is underway and the information available so far indicates that the malware may have been deployed through the ATM and Point of sale devices which are manufactured by Hitachi. The majority of the affected payment cards are issued on the Visa and Mastercard platforms.
The preliminary data indicates that the malware infection might have taken nearly six weeks to detect. Customers of SBI, HDFC Bank, ICICI Bank, Yes Bank and Axis Bank all may be affected by the hacker attack.
Already some of them have reported unauthorized transactions that have been carried out in China. The National Payments Corporation of India has already launched a forensic audit and is investigating the incidents. All merchants, vendors and financial institutions should be concerned as the investigators have not discovered which devices and software can be trusted.
The POS systems in many cases are the weakest links in the financial transactions chain. According to the security experts they should be treated as insecure systems even after the implementation of the EMV standard. In many cases the POS applications are used constantly and only rarely patched and updated. Add to that the fact that most of them run on desktop operating systems that are also insecure. This makes it very easy for hackers to compromise them using various methods such as exploit kits.
Financial crimes such as this incident are one of the most lucrative schemes that are employed by computer criminals. A variety of security vendors and specialists are also employed by the affected parties in the investigation. According to some of the reports a total of 13 million rupees have been withdraw in foreign countries like China and the United States through fraudulent transactions. The banks have already taken measures to prevent further damage and to strengthen the security of their customers. The payment networks like Mastercard, Visa and RuPay are actively monitoring all payment card activity for any unusual patterns as per their security policies.