The regulator also made its displeasure felt at certain banks which asked its customers to use only the in-house ATMs and avoid using ATMs of other banks
The Reserve Bank of India (RBI) is likely to take action against the bank from whose ATMs where the leak of customer data took place after the forensic audit is completed.
The regulator also made its displeasure felt at certain banks which asked its customers to use only the in-house ATMs and avoid using ATMs of other banks.
The regulator told banks that such advisory creates a wrong impression among the customers and gives a feeling that other bank ATMs may be at risk and asked them to desist from such practices.
A senior bank official said, "Banks did whatever they could to protect their customers. Because we are not in control of other banks' ATMs, such advisories had to issued."
Nearly 45 days after bank customer data got leaked from the ATMs of a leading private bank (RBI) convened a meeting to all bank, chief executive officers of Visa, MasterCard and the NPCI to plug the loopholes in the electronic infrastructure banks have set in place.
It asked banks to confirm with its cyber security requirements issued on June 2, 2016. They also asked banks to immediately report the loss of data or frauds that happen at their end.
The central bank said in a release, "It has come to the Reserve Bank's notice on September 8, 2016 that details of certain cards issued by a few banks had been possibly compromised at ATMs linked to the ATM Switch of one of the service providers. The issue is currently being investigated by an approved forensic auditor."
It also said that the "number of cards misused, as per currently available information, is few. As a matter of abundant precaution, card network operators concerned were earlier advised to share the details of cards used during the period of such exposure."
According to data collated by banks, about 3.2 million cards were impacted and about Rs 1.25 crore were lost after date on the debit cards were compromised in early September. The issue came to light when customers complained to banks that their debit cards were being swiped in the US and China when they were in India. Based on the customer complaints, banks began to send a group of select customers texted messages asking them to change their ATM pin numbers. Some of the banks like YES Bank reduced the daily withdrawal balance of their customers until the new PIN numbers were created.
Banks have taken measures including advising the customers to change PIN, blocking payments at international locations, reducing the withdrawal limits, monitoring unusual patterns, replacing the cards and re-crediting the accounts of cardholders for amounts wrongly debited.
The RBI on Monday urged the cardholding bank customers to change the PIN and passwords periodically and not to share them with anyone for any reason. Banks, it said, does not ask for card or account details from their customers, hence, customers may exercise caution and not reveal such information to any person on phone or email. The RBI told banks to set up their cyber security measures and strengthen it from time to time.
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "ATM")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}