RBI Asks Banks To Investigate Leak Of 1.3 Mn Indian Debit And Credit Cards

After reports about the credit and debit card data leak of around 1.3 Mn Indian account holders, the Reserve Bank of India (RBI) has asked the affected banks to investigate the reports and ensure data safety.

The RBI told banks to perform a preliminary analysis of the leaked card information online, according to a Reuters report.

The card data was on sale on the dark web potentially causing losses of millions of dollars.

“On finding leaked data to be correct and genuine, disable and reissue the credit and debit cards as per the bank’s policy. Monitor credit/debit transaction for the detection of frauds and misuses. Sensitise customers to use credit/debit cards in a secured manner in all modes of transactions line online, point of sale etc,” the RBI notice dated October 29 said.

Security researchers at Group-IB discovered the card dump, primarily belonging to Indian cardholders, being sold at a top-tier price of $100/card, putting the hackers on a trajectory of making more than $130 Mn from their latest haul.

However, bankers who received RBI’s letter issued by the cybersecurity and information technology examination cell, told ET that it was a routine notice and should not be alarming for customers.

“In the Indian context most of our cards are two factor authenticated so its difficult to cause any harm to customers. I don’t think that it should an issue,” said a banker.

Data Breach And Cyber Security In India

The rapid growth in the data economy and the relatively poorer security infrastructure have led to increasing cyber-attacks in recent times. India saw the second-highest number of cyber-attacks between 2016 and 2018, says a data security council of India (DSCI) report. According to an announcement made by the Indian government in August this year, it will unveil an official cybersecurity strategy policy by January 2020 .

The policy is aimed at making the internet a safer place for businesses and citizens and to achieve the goal of making India a $5 Tn economy. The government said that the most important requirement for internet security is increased effective coordination between ministries that are overseeing various aspects of cybersecurity, proper critical infrastructure protection and public-private partnership.

Meanwhile a report by Cisco said that more and more businesses and startups in India are relying more on automation, machine learning and artificial intelligence to serve their cybersecurity needs. The report claimed that 75% of organisations in India relied on automation, while over 60% depended on machine learning and artificial intelligence for cybersecurity.

The report, which surveyed more than 3,200 security leaders across 18 countries, said that more than half of the organisations in the country hired a cybersecurity officer as against only 34% globally.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.