Photographer: Prashanth Vishwanathan/Bloomberg

Audit Ordered After 3.2 Million Indian Cards Seen Compromised

  • NPCI says banks are contacting customers to replace cards
  • Data breach suspected at switch level at one bank, NPCI says

India’s national card payments network said a forensic audit was underway to probe the cause of a data breach that may have affected as many as 3.2 million bank debit cards.

The investigation was ordered after banks noticed that cards of customers were fraudulently used in China and the U.S., the National Payments Corp. of India said in a statement on Thursday. Cases of illegal withdrawals were limited to 641 customers of 19 banks, and the total amount involved was 13 million rupees ($194,600), according to the statement. The data breach was suspected to have taken place at the “switch level” at one bank, the network operator said without giving details.

“Necessary corrective actions already have been taken and hence there is no reason for bank customers to panic,” A.P. Hota, managing director and chief executive officer of NPCI, said in the statement. The payments system operator said that banks had advised customers to change their security codes for the cards, and in cases where customers couldn’t be contacted, banks have blocked their cards and are issuing new cards.

Mastercard Inc. said earlier today that it was aware of the data compromise incident in India and its own systems had not been breached, and it was working with issuers, global and local law enforcement agencies, as well as third-party payment networks on investigations.

State Bank of India, the nation’s largest lender, said in a statement that it had blocked the cards of certain customers as a precautionary measure. ICICI Bank Ltd. said it had changed codes of cards used at affected ATMs.

    Before it's here, it's on the Bloomberg Terminal.