Govt Admits 29 Lakh Debit Cards Being Malware Infected; UPI, BHIM Data Compromised, But Are Banks Hiding it?

When it comes to the security of financial data and privacy, it seems that India has hit a new low. While Govt. of India has admitted that close to 30 lakh debit cards were infected by malware, which threatened financial privacy and security of millions of users, a new report has emerged which claims that banks are hiding the fact that UPI, BHIM Apps are prone to hacking. In fact, if we believe the report, then lots of banks have experienced UPI fraud, but none of them are reporting it.

Is Govt. of India listening?

29 Lakh Debit Cards Were Malware Infected: Govt. of India

In an admission which is sure to raise eyebrows, Govt. of India has admitted that 29 lakh debit cards were infected with a malware last year. These ATMs were infected after they were used at an ATM which was connected with an infected Hitachi switch.

Minister of State for Finance Santosh Kumar Gangwar made this admission while replying to a query in Lok Sabha. He also informed the nation that out of 29 lakh infected debit cards, only 3291 were reported as compromised by RBI. Besides, PoS infrastructure was not hacked.

He said, “RBI has informed that Hitachi Payment Services (HPS) appointed SISA Infosec for PCI forensic investigation. The final report suggested that the ATM infrastructure of HPS was breached and the data between May 21 and July 11, 2016, were compromised, but not the POS (point of sale) infrastructure,”

In the month of October, we had reported how 32 lakh debit cards from HDFC, ICICI Bank, Axis Bank, SBI & Yes Bank were infected by a malware; and how SBI had blocked 6 lakh debit cards to put an end to the financial disaster.

We are awaiting the investigation report by Hitachi, which will reveal further information about the malware infection.

UPI, BHIM App Frauds Being Under-reported?

A new report has emerged, which is claiming that UPI, BHIM Apps launched by Govt. of India and various banks are prone to security hacks, and lots of frauds are happening on their platform. The scary part is that banks are hiding these cases of frauds and hacks originating on BHIM App and other UPI-based apps.

We have already reported about UPI fraud which happened at Bank of Maharashtra, wherein Rs 6 crore was siphoned off using a feature in their UPI app. FIR has been lodged against 50 persons regarding this issue.

But why other banks are hiding it?

An unnamed person having information about these security breaches has said, “Bank of Maharashtra has reported it, the private banks who have been victims have not reported about it,”

He also said that lots of ‘low value’ transactions are being observed as fraud, but banks have not announced or reported these matters because the ‘the loss isn’t big yet’.

As per this report, two private banks have also experienced UPI fraud, but they haven’t come out in the open.

An employee of Infrasoft Technologies, which created Bank of Maharashtra’s UPI app said, “We have reported losses from December 1 but we got to know about it on January 18. There is a “collect money” feature on UPI which was used by fraudsters who opened fake accounts using fake SIM cards…The investigation is on and more details should be out soon.”

When Money Control sought HDFC Bank’s reply, then no answer came out. Meanwhile, representatives from ICICI Bank, Axis Bank and Kotak Mahindra Bank have denied any UPI frauds on their platform.

We will keep you updated as we receive more information.