Bankocalypse hits India as malware infection affects millions of customers from several high-profile banks

Oct 20, 2016 13:05 GMT

The number of Indian debit cards affected by a recent malware infection has gone up, from 600,000 to 3.2 million, as investigators have discovered that more customers from several banks, not just one, may be affected.

Softpedia reported yesterday that the State Bank of India (SBI) had started procedures to block and reissue over 600,000 debit cards that its engineers believed to have been used on the ATM network of a fellow bank that suffered a malware infection.

Initially, SBI blamed YES Bank, and more precisely one of its partners, Hitachi Payments, a company that handles the bank's ATM and PoS financial transactions.

Investigators discovered that an attacker had compromised Hitachi Payments' system and deployed malware that collected credit card details for transactions passing through Hitachi's infrastructure.

Banks blame Hitachi Payments

As the probe into this matter advanced, people with insider access told The Economic Times that investigators had discovered that the malware had been hidden in Hitachi's network for the past six weeks.

Since the initial infection, they say Hitachi had processed transactions from over 3.2 million debit cards, belonging to clients of several Indian banks, not just SBI.

Investigators say the banks with the largest number of affected cards are the State Bank of India, HDFC Bank, ICICI Bank, YES Bank, and Axis Bank.

Over 2.6 million of the affected cards work on top of the Visa and MasterCard platforms, while the rest are on the RuPay platform.

Banks suspect Chinese hackers

Investigators said they found evidence of fraudulent transactions, with some of the affected debit cards being used to initiate transactions at ATM and PoS systems in China.

While some banks have resorted to blocking affected cards and are preparing to replace existing debit cards, other banks are only recommending that customers change their security codes (PINs).

Regardless of the number of affected cards, the incident marks the biggest card replacement operation in India's banking history.

Axis Bank, one of the affected organizations, is also investigating an unrelated security incident. A Kaspersky researcher alerted the bank that a hacker accessed its internal network. The bank said it stopped the hacker before he was able to siphon funds from customer bank accounts.