Card data breach was due to third party processor, say banks

Several lenders, including ICICI Bank and HDFC Bank, told stock exchanges that debit card data security breach was on account of third-party payment processor and the amount involved was not material.

Banks also told BSE and NSE that they have taken appropriate steps on their part to deal with data compromise, besides reporting the matter to the payment gateways network companies NPCI, Visa and Mastercard.

“There was no breach incident within the control of ICICI Bank... we are reliability given to understand that the alleged breach occurred due to security protocols being compromised at ATMs of a particular bank,” the bank said in a clarification to the exchanges.

The clarification is with the regard to 32.14 lakh debit card data compromise in which case 641 customers were duped of Rs 1.3 crore using stolen debit card data.

ICICI Bank further said the incident relates only to a small segment of customers of ICICI Bank who used the other bank ATM.

HDFC Bank said, “There has been no breach of HDFC banking system and the incident is an outcome of possible compromise at the third-party payment processor. The impact for HDFC Bank is limited owing to various steps taken by the bank (both proactive and reactive).” 

HDFC Bank further said it has not reported the matter to the stock exchanges as “there is no breach at 

our end and also there is no material impact due to the incident”.

The exposure owing to the incident was Rs 17 lakh from 29 customers who have been immediately compensated for the disputed amount and the bank has covered the same through insurance, it said, adding that the bank also reported the impacted cases to the Reserve Bank in September itself.

ICICI Bank said it has taken steps to preserve the interest of its customers and continues to pursue the matter for enabling effective remediation through authorised channels.

“We understand that investigations are still continuing and the interest of investors would be best served if the bank concerned issues a proper explanation,” ICICI Bank added.

Earlier in the day, stock exchanges BSE and NSE sought clarifications from 5 banks SBI, ICICI Bank, HDFC Bank, Axis Bank and Yes Bank on the debit card data breach issue.