If you hold a Debit Card then there is a very good chance that your card security has been compromised. You may not have been hit by the security breach as yet, but once your information has been accessed by an unauthorized person or agency, you stand at risk of being exploited at any time.
Here’s what recently happened
Between May and July this year, some ATMs were detected to be infected with malware and this raised red flags with the concerned banks. Malware is a software code that can capture your personal and card details and transmit it to an unauthorized person.
That person can then access your account at any time and from any ATM that is part of the network of in-house and third-party ATMs servicing your bank. The hacker can also transact over the internet using your account information.
State Bank of India has reported the possibility of 6.5 lakh SBI debit cards to be at risk, out of a total 20 crore active debit cards issued by the bank. As a precautionary measure, SBI has asked all the 6.5 lakh debit card holders to change their security PIN with immediate effect.
Those that have not complied so far have had their cards cancelled and SBI is in the process of issuing new EVM cards to them. EVM cards have chip-based embedded technology that carry user information and require PIN instead of signatures. These offer greater security and is now the preferred card globally. Bank of Baroda and HDFC Bank are also in the process of issuing the new EVM debit and credit cards to their customers.
As per information available, the most affected banks include SBI, ICICI, HDFC, Axis and YES Bank.
While the security breach is being investigated, unconfirmed reports seems to suggest that the breach occurred at an ATM belonging to YES Bank. There are also unconfirmed reports of some clients from China having reported unauthorized transactions from their account.
Since malware was detected in this particular ATM and the fact that most of YES Bank’s ATM transactions service clients of other banks, it can be assumed that card information of clients of other banks have also been affected, especially those falling within the same region.
Hitachi Payments Service that services YES Bank’s ATMs issued a statement denying any breach in security at their end or in any of the ATMs serviced by them. YES Bank, meanwhile, has initiated a comprehensive audit of all its ATMs and is cooperating with payment gateway service providers like NPCI (RuPay), Visa and MasterCard, in investigating whether a breach had indeed taken place. Reserve Bank of India is fully apprised of the matter and is closely monitoring developments.
How to protect against Credit or Debit Card fraud
While the guarantee of security is zero, there are several measures that can minimize the risk of your card being misused.
- Ask your card issuing bank to issue you an EVM card. This a smart card that carries your information and requires a PIN to operate and does not use signatures.
- Do not share your card information over the phone or internet with ANYONE, irrespective of whether you know them or not.
- Do not give any card or personal information while answering a telephone call where the caller claims to represent the card issuing bank or any related organization. You can always call back the bank on publicly displayed numbers, if required.
- While making payment at a merchant location or service provider like restaurants, etc, insist on punching in your PIN rather than hand over your card for processing the payment.
- Always check the bill.
- Always retain the transaction receipt for comparing against the card statement that you receive at the end of the month. Most people throw this away and do not match against the amount charged in the statement.
- Do not throw away the transaction receipt when you are done with it. Tear it or shred it. Dumpster divers are known to sift through garbage bags meticulously and retrieve all your card related information that can then be used to conduct unauthorized purchases, especially over the internet.
- While using an ATM, ensure that no one is watching your finger movement as you type your PIN. Watch out for cameras within the premises that can easily capture your PIN number. Try and cover your hand while you type in the PIN.
- Always memorize your card and PIN numbers, and in case of any loss or theft, report immediately to the concerned bank so that they can temporarily freeze your account and prevent any further unauthorized transaction until you receive your card replacement.
- Never save your card password in a regular folder in your computer hard drive or email account. If the account gets hacked, there is every possibility that an unauthorized transaction will take place.
- While making a payment over the internet, check for the security logo on the website confirming it as a safe site. If in doubt, check with the concerned company before making any such payment.
- Avoid keeping your credit or debit card in the wallet. In case your wallet gets stolen, you will at least have access to money at that moment.
As card users, you have to do your bit towards securing yourselves, while the banks need to work harder towards securing your information and money. Let’s hope the current breach is quarantined early and lessons learnt by all stakeholders.