Thursday, July 25News That Matters

Debit Card Fraud, Data Breach – What to do?

Have you heard of recently Debit card fraud last week that impacted more than 32 lakhs card? Are you worried about it? Do you want to ensure the security of your card?

So the first step, you should do is check your bank transaction to see if there are any unexpected transactions.

What actually happened?

On Sep 5, some banks came across fraudulent transactions where debit cards were used in US & China while the cusotmers wewre in India. Cardholders also detected such fraud transactins. The banks complained to NPCS (National Payment Corporation of India that oversee retail payment in India.

On investigation, they found that a malware security breach in a vendor system – Hitachi payment services that provide ATm & other services.

According to NPCI, 90 ATMs have been compromised, and at least 641 customers across 19 banks have lost Rs 1.3 crore as a result of fraudulent transactions on their debit cards.  Banks have asked their custoemrs to change the PIN or replace the debit cards.

SBI had blocked approx 6 lakh debit cardsand other banks like Axis, HDFC, ICICI have also admitted being hit by similar cyber attacks — forcing Indian banks to either replace or request users to change the security codes of as many as 3.2 million debit cards over the last two months.

  • 90 Yes Bank ATMs and point of sale (PoS) terminals were targeted by malware.
  • Total amount of fraud – 1.3 crore
  • The complaints of fraudulent withdrawal are limited to cards of 19 banks and 641 customers.
  • Worst hit banks are State Bank of India (SBI), ICICI Bank Ltd, HDFC Bank Ltd Axis Bank and Yes Bank
  • Of the 3.2 million cards involved in the data breach, over 2.6 million belonged to Mastercard and Visa networks, and the remaining were from the RuPay network.

What will happen if there is fraud transaction in your account?

According to the RBI’s draft circular on customer protection, a customer is not liable for a third-party breach, or where negligence or fraud is on the part of the bank, if the customer informs the bank of the fraud within 3 working days of receiving a communication from the bank on any unauthorised transaction.

What to do now?

Call your bank customer service immidiately to report the fraudulent transactions and blocking of card.

How to secure your Debit Card

1) Change the PIN immidiately
2) Never share password, PIN, debit card with others or callers
3) Get Chip & PIN card that require PIN for manking payments
4) Apply for new card & blcok old debit card
5) Set up for SMS alerts for debit card transactions

RBI Draft Circular on – Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions

In Aug 2016, RBI has issued a draft circular to limit customer’s liability in case of such fraud.

Banks must ask their customers to mandatorily register for alerts for electronic banking transactions.  The alerts shall be sent to the customers through different channels (email or SMS) offered by the banks.

Zero Liability if fraud/ negligence is on the part of the bank (irrespective of whether the loss/fraudulent transaction is reported by the customer or not)


Zero Liability Third party breach where the fault lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within 3 working days of receiving the communication from the bank regarding an unauthorized transaction.
Full Liability Customer will be liable for the loss occurring due to fraudulent transactions if it involves negligence by yourself , for e.g. where you have shared the payment credentials, the customer will bear the entire loss until he reports the unauthorised transaction to the bank.
Limited Liability In cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer but lies elsewhere in the system and when there is a delay (of 4-7 working days) on the part of the customer in notifying the bank of such a transaction, the customer liability shall be limited to the transaction value or Rs 5000/-, whichever is lower.

Burden of Proof

The burden of proving customer liability in case of unauthorised electronic banking transactions shall lie on the bank. The bank’s above policy shall also specify the maximum time period for establishing customer liability after which the bank shall compensate the customer.

[xyz-ihs snippet=”ad1″]

Leave a Reply

Your email address will not be published. Required fields are marked *