Private banks ask customers to change ATM PINs after security breach


A suspected breach of data security of a Mumbai-based private sector lender a few months back has led to pre-emptive steps being taken by other banks to thwart any potential troubles, bankers said Wednesday.


The steps taken by the bankers include asking customers to change the PINs of their ATM-cum-debit cards, which has now gone up one level to changing cards as well, if the customers do not comply.

Meanwhile, State Bank of India said that it had blocked 6,25,000 debit cards adding that they will be replaced soon. The country’s biggest lender fears these cards may have been compromised by a data breach. SBI has said that customers will be compensated for losses, which it estimates at about Rs 10 lakh to Rs 12 lakh.

“There is a suspicion that a data breach might have happened. We got this information from Visa, MasterCard and RuPay. As a measure of precaution, we have decided to replace these cards, which have been blocked,” SBI managing director Rajnish Kumar told NDTV.

According to bankers, the breach effected in such a way that anyone using the said bank’s ATMs in the region might stand to get affected.

When asked about alleged lapses on its ATM network, an Yes Bank spokesperson said, “Proactively undertaken a comprehensive audit of ATMs, and there is no evidence of a breach or compromise on ATMs.

“We continue to work with relevant stakeholders, including other public sector and private banks, and NPCI, to ensure utmost safety and security of ATM network and payment services which are completely safe to use.”

HDFC Bank reportedly asked the customers to change their PINs and has also been asking them not to use any other banks’ ATMs as a precautionary measure.

After asking its customers who may be potentially hit, the largest lender State Bank of India has also started a process to block the cards of those who did not change the security code at its own cost, its spokesperson said today.

“Card network companies NPCI, MasterCard and Visa had informed various banks about a potential risk to some cards owing to a data breach. Accordingly, we have taken precautionary measures and have blocked cards of certain customers identified by the networks,” SBI said in a statement this evening.

“We came to know about security breach and proactively recalled affected cards as we did not want our customers to be at any risk. There was no breach in our system. We are now issuing EMV-based debit cards which cannot be compromised,” SBI deputy managing director and chief operating officer Manju Agarwal told PTI.

She, however, declined to give the number of debit cards the bank has recalled. SBI has nearly 20 crore debit cards.

There were media reports that said SBI had recalled 6.25 lakh debit cards due to malware-related security breach.

SBI further emphasised that its systems are absolutely fine and not compromised at and that existing cardholders are not at any risks.

“We are in the process of issuing new cards at no cost to those cardholders whose cards have been blocked. This is a cards industry incident and not an SBI only incident,” an SBI statement said.

However, all the bankers were quick to claim that the breach has not led to any monetary losses to anyone and all the measures being taken are to safeguard the system against any potential threat.

When contacted, an RBI official said the central bank is seized of the matter and is looking into the issue.

Bankers said the problem was first discovered between May and July, and banks have resorted to recall the affected debit cards from September.

“Data processes of one private bank was compromised which affected other banks’ customers well. Customers who used that bank’s ATM stand to get potentially affected,” said another public sector banker.

(With PTI inputs)


Please enter your comment!
Please enter your name here