SISA to submit forensic report on card data breach by October 31

Bengaluru-based payment security specialist firm SISA, which has been authorised by the Reserve Bank to conduct forensic audit into the recent debit card data breach, is expected to submit its report in the next 2-3 days. SISA is expected to give its report to RBI on October 31, sources said. "This will give us exact picture of the entire incidence. It will give us lead as to where hacking or compromise took place," the sources said.

As many as 32.14 lakh debit cards of various public and private sector banks are feared to have been 'compromised' by cyber malware attack in some ATM systems. The Hitachi ATMs deployed by many white-label ATM players and Yes Bank were impacted by the malware while usage at other ATMs was completely secured.

Several banks, including state-owned SBI, have recalled a number of cards while many others blocked the ones suspected to have been compromised and asked their customers to change PIN (personal identification number) before use.

Fraudulent withdrawals have been reported from 19 banks so far while complaints have been received from a few banks that their customers' cards were used fraudulently abroad, mainly in China and the US, while the customers were in India. 

RBI, in a statement, earlier this week had said it came to its notice on September 8 that details of certain cards issued by some banks had been possibly compromised at ATMs linked to the ATM Switch of one of the service providers.

"The issue is currently being investigated by an approved forensic auditor, under PCI-DSS framework (Payment Card Industry Data Security Standard)," it had said. It further said the "number of cards misused, as per currently available information, is few".