According to a newspaper report ("This is how an ATM virus compromised 3.2 million debit cards in India"), a virus or malware infection at Hitachi Payments Services led to the compromise of millions of debit cards. Not many details are known about the malware that caused this havoc. It is unfortunate that, even after the infection was known, customers were not alerted. RBI has to take serious note of this and work on disclosure norms so that precautionary measures can be taken in future.
Hitachi Payments Services should publish a detailed account of the malware and how it affected the ATMs. This would be a good lesson for other organisations, which could then take proactive steps in future. As for banks, they need to provide a mechanism for customers to check whether their card has been compromised and to proactively change their PIN, and notify them accordingly. Interestingly, my bank allows me to change the PIN only at the ATM. There is no way I can change the PIN by logging on to the bank website. This prevents me from changing my PIN regularly. Implementation of two-factor authentication would also go a long way to assure customers of the security of their accounts.
Debit/ATM cards also need to move away from magnetic stripe cards to EMV-based cards. EMV-based cards contain a microchip that holds the data traditionally stored in the card's magnetic stripe. These work with new point-of-sale readers that scan the chip and process payment transactions in a secure manner using encryption. The chip reduces fraud because it contains a cryptographic key that authenticates the card as a legitimate bank card and also generates a one-time code with each transaction. This means thieves can't simply take account numbers stolen in a breach and emboss them onto the magnetic stripe of a random card, or program them onto the chip of a random chip card, to make fraudulent purchases at stores or unauthorized withdrawals at ATMs.
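
The effect of the chip's key and one-time code can be seen in a small model, added here as an illustration and not taken from the report or from any bank's system. It is a simplification: HMAC-SHA256 stands in for the real EMV cryptogram algorithm, and the `Chip` and `Issuer` classes, the card number and the amounts are constructed for the example.

```python
import hashlib
import hmac
import os

def cryptogram(key: bytes, pan: str, atc: int, amount: int, nonce: bytes) -> bytes:
    """One-time code: a MAC over this transaction, keyed by the chip's secret."""
    msg = f"{pan}|{atc}|{amount}|".encode() + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Chip:
    """Model of the card chip: the key stays inside, only cryptograms leave."""
    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self.atc = pan, key, 0
    def pay(self, amount: int, nonce: bytes):
        self.atc += 1  # per-card transaction counter, so no two codes match
        return self.atc, cryptogram(self._key, self.pan, self.atc, amount, nonce)

class Issuer:
    """Model of the bank: knows each card's key and the last counter accepted."""
    def __init__(self):
        self.keys, self.last_atc = {}, {}
    def issue(self, pan: str) -> Chip:
        self.keys[pan], self.last_atc[pan] = os.urandom(32), 0
        return Chip(pan, self.keys[pan])
    def authorize(self, pan, atc, amount, nonce, code) -> str:
        if pan not in self.keys:
            return "unknown card"
        expected = cryptogram(self.keys[pan], pan, atc, amount, nonce)
        if not hmac.compare_digest(code, expected):
            return "bad cryptogram"
        if atc <= self.last_atc[pan]:
            return "replayed counter"
        self.last_atc[pan] = atc
        return "approved"

def demo() -> dict:
    issuer, pan = Issuer(), "4000000000000002"  # constructed test card number
    chip, nonce = issuer.issue(pan), os.urandom(4)  # nonce chosen by the terminal
    atc, code = chip.pay(2500, nonce)
    genuine = issuer.authorize(pan, atc, 2500, nonce, code)
    replay = issuer.authorize(pan, atc, 2500, nonce, code)  # captured code reused
    clone = Chip(pan, os.urandom(32))  # stolen number, but not the chip's key
    clone.atc = atc                    # even with a plausible counter value
    c_atc, c_code = clone.pay(2500, nonce)
    cloned = issuer.authorize(pan, c_atc, 2500, nonce, c_code)
    return {"genuine": genuine, "replay": replay, "clone": cloned}

if __name__ == "__main__":
    print(demo())
```

A magnetic stripe carries only static data, so a copy of it is indistinguishable from the original; here the copied number alone fails because the issuer checks a code that only the genuine chip's key can produce.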
Some of the above measures will help in reducing threats to the banking system and bring more assurance to customers that their money is safe.