Source: News Bharati English25 Oct 2016 10:49:09

New Delhi, October 25: Charge of monitoring debit card data breach has been taken over by the Reserve Bank of India. RBI will scrutinize and monitor all activities relating to damage to the banking system and frame plans to prevent these practices as the number of complainants reporting fraudulent activities is around 641 and data of about 3.2 million cards have been compromised.
A meeting was held by RBI with senior officials from selected banks, National Payment Corporation of India and card network operators in order to review the steps taken by various agencies to contain the adverse fall out of certain card details alleged to have been compromised.

RBI has urged cardholding bank customers to change the PIN and passwords periodically and not to share them with anyone for any reason. Customers may exercise caution and not reveal such information to any person on phone or email as banks do not ask for card or account details from their customers.

Banks have taken measures including advising the customers to change PIN, blocking payments at international locations, reducing the withdrawal limits, monitoring unusual patterns, replacing the cards and  re-crediting the accounts of cardholders for amounts wrongly debited.

Also RBI has already issued instructions to banks dated June 2, 2016 on Cyber Security Framework in Banks. Banks have once again been advised to review the extant cyber security arrangements. RBI has emphasized an early implementation of this framework so that (i) possibility of such incidents happening in future is minimized and (ii) in the event of such incidents, containment measures are taken immediately.

As a safety measure, card network operators concerned were earlier advised to share the details of cards used during the period of such exposure. Based on this, banks have been taking necessary remedial action to avoid any potential abuse of such cards in future by unscrupulous elements and to protect the interest of their customers.

The issue was brought to RBI’s notice on September 8, 2016. The issue is currently being investigated by an approved forensic auditor, under Payment Card Industry Data Security Standard framework.