Recently, many customers have got mails and messages from their banks to change the ATM PIN of their debit cards. We now know the reason, with reports suggesting 3.2 million accounts in five leading banks -State Bank of India, Axis Bank, ICICI Bank, HDFC Bank and YES Bank -- are compromised.
Bankers and cyber experts advise that ideally an ATM PIN should be changed every three to six months. Are they being overly cautious? Perhaps not. Several banks have already asked their customers to change their card security details and to stick to own ATM networks.
According to Reshmi Khurana, country head-operations for Kroll Advisory Solutions, there are reports of customers reporting transactions on their debit cards in China, which is how banks came to know of the breach of data security. A certain foreign payment services company, whose system is believed to have been compromised, is going for a forensic audit. “While it is not confirmed, the breach of data seems to be on account of a malware inserted in a white-label ATM network, which is why banks are cautioning their customers to stick to their own bank’s ATM network,’’ she says.
An ATM breach means the PIN numbers of not only that bank’s customers but all those who use that bank’s ATM network could be compromised.
For most customers, using the card at an ATM would seem a safe transaction, being monitored by the bank. However, not always so. About 70 per cent of ATMs in India are running on outdated Operating Systems (OS), making it easier for fraudsters to exploit.
“Microsoft withdrew all support to Windows XP about two years before. But, there are still many ATMs running on Windows XP OS, which makes them vulnerable to malware and fraud,’’ points out Harshil Doshi, consultant at Forcepoint, a data privacy and security company.
Most banks also use ATM machines of different vendors, due to which standardisation of networks and technology is not possible. This also opens the system to possible fraud, Doshi adds. Fraudsters have developed devices to infect all types of ATMs. “Once the malware is detected, the bank or payment services company will fix it but the problem is to identify the malware. While such incidents are common overseas, they are increasingly happening in India, too, as banks adopt more technology and transactions become digital. There is a need to be more pro-active and put the proper checks in place,’’ Khurana adds.
Operating expenses on digital security have to go up manifold, says Piyush Singh, Director at Accenture India. “While we have leapfrogged in digital technology, we still lag in digital security. Both banks and customers need to actively protect themselves. Going ahead, customers may ask a bank about its digital security and protection before opening an account and not only about services and rates. For banks, it is a question of their reputation,’’ he says.
With debit cards of 5 banks compromised, time to be very cautious while transacting. If possible, avoid non-bank ATMs WHAT CAN YOU DO?
Look at your debit card transactions for any discrepancies, such as smallticket transactions made at odd hours or from another place
Sign up for SMS alerts for all ATM transactions, to know any fraudulent transaction immediately
Change your PIN once in three months or at least once a year
Use different PIN numbers for different ATM cards, so that if one gets compromised, the others are safe
Never disclose your PIN number to anyone. Phishing calls might offer to renew your reward points, etc
Don’t disclose your PIN number to the shop attendant while swiping your card, even if it is a store you visit regularly
Don’t disclose your mobile number or e-mail ID to anyone. People do this to get updates about deals/discounts on services and products
Dont ever accept or click unknown websites or links that look suspicious. Also, educate children on this
Business Standard New Delhi,21th October 2016
Comments
Post a Comment