US-based fraudsters target IDBI bank, siphon off Rs 60 lakh of 284 customers
   Date :18-Sep-2019
 
By Dheeraj Fartode :
 
Among the 284 customers, five are from Nagpur 
 
TOTAL 284 customers of IDBI Bank across the country lost Rs 60 lakh after details of their debit cards were stolen by cyber criminals. The money was siphoned off to various accounts in banks across United States of America (USA). Prima facie investigation has revealed that the data of international debit cards (platinum) issued by IDBI was allegedly stolen by hackers and was then misused. Sources informed ‘The Hitavada’ that the on-line fraud was carried out in the intervening of August 25 and 26. Customers woke up to SMSs of transactions leaving them in shock.
 
Many of them immediately blocked their debit cards after learning about the fraudulent transactions. Among the 284 customers, five were from Nagpur. An investigation in the crime revealed that the money was transferred from the accounts of the customers using international debit cards of the bank (platinum) of a particular batch. The revelation prompted the bank to withdraw that particular batch of platinum debit cards of 8,000 customers as a safeguard against future such attacks. A police officer informed that the data of debit cards seems to have been compromised by penetrating malware in the server and then the on-line fraud was committed.
 
The money was transferred at around 2 am (4.30 pm in USA). “Till debit card data got compromised the bank was not aware about the breach and woke up only after complaints of consumers started pouring. The bank became aware of this large-scale data breach and corrective measures followed,” the officer said. The money was transferred to three to five bank accounts in New York and two other cities in the US. The fraudsters committed one to three transactions in every bank account, the officer added. A top official of IDBI bank informed The Hitavada, “We are still following the genuine and fraudulent transactions that were conducted in the night of August 26.
 
The cyber fraudsters committed the fraud by using the debit card credentials that were compromised.” “The bank has already taken proactive steps to manage the situation. There is a risk management tool to identify potential threats,” he said and added that the money of the customers were returned as per the Reserve Bank of India’s (RBI’s) guidelines. As the fraudsters have used a Payment Gateway outside India they were not bound by the RBI mandate which requires a One Time Password (OTP) authentication. Hence, the fraud was carried out without OTP authentication, informed a Cyber Security Expert.
 
“Such cyber attacks are happening because of the ineffective implementation of the payment security standards. The banks need to pay a lot more emphasis to this than they currently do,” the expert said. It may be mentioned that the largest data breach in India’s banking system, which affected nearly 3.2 million debit cards, was reported in year 2016.