The threat of Malware always lurks around us smartphone and PC users but what if the Malware manages to steal your Debit card details right at the ATM. Well, this is exactly what happened after a new wave of Malware attack has successfully breached into 3.2 million debit cards. Expected to be the country’s biggest breach of financial credentials yet.


In totality 3.2 million debit card are expected to be compromised and this includes cards on Visa, Master-Card and also RuPay platform. The issuers of the Debit cards are spread across all banks but HDFC, ICICI, YES Bank and Axis Bank has been the worst affected. The modus operandi of the breach seems to originate at the ATM Kiosks manufactured by Hitachi Payment services which are in turn letting the attackers steal the money. Hitachi has been one of the major suppliers of Point of Sale machines and ATM’s, however, the company is yet to issue a statement.

It all started when SBI had announced that it would reissue 600,000 Debit cards after a security breach and the Banks issuing Debit cards had also advised the card holders to change their PIN as well. This further led to a forensic audit by Payments Council of India in Indian Bank Servers and systems to detect the origin of funds that have affected the customer’s attack. Apparently, customers are seeing a fraudulent withdrawal of funds from China. Banks have already sprung into action and are responding to customers queries.

Precautionary Measures

Now the question remains, how do you keep your account safe from the compromises. Well, to begin with, you can change the debit card PIN since it is still suspected that the compromise is happening at the ATM’s. If changing PIN is a complicated process you can also login to your Netbanking and disable the card for International transactions, this will safeguard you from the fraudulent transaction. Also, ensure that the SMS alerts on your Bank account are switched on as this is something that will alert you of any transaction on your cards.

According to RBI guidelines banks themselves are responsible for the losses and this means that they are required to do a shadow reversal within the next ten days from the date of reporting. Additionally, Bank will also issue a new card free of cost.

Was this article helpful?