Mumbai: In the last couple of weeks, banks have reported multiple instances of data breaches, especially in debit and automated teller machine (ATM) cards. Banks have described these instances as cyber data breaches and said no monetary losses have been reported.

“Our internal monitoring mechanism identified such a threat recently and all steps have been undertaken to neutralize the same,” an Axis Bank Ltd spokesperson said in a statement. The bank said its customers haven’t suffered any losses.

The Economic Times reported on Thursday, citing people aware of the matter, that banks in India will either replace or ask users to change the security codes of as many as 3.2 million debit cards because of financial data breaches.

In September, banks including HDFC Bank Ltd, Kotak Mahindra Bank Ltd and Federal Bank Ltd sent out SMSes asking some customers to immediately change the personal identification number (PIN) used in debit card transactions as a precaution.

Should you worry?

All the recently reported debit card data breaches have happened at the bank level. According to the Reserve Bank of India (RBI), banks are responsible for the security of the debit cards they issue. “Hence, in case of any monetary loss on account of breach of security or failure of the security, the bank is liable to bear the loss,” RBI says in a circular on debit cards.

The bank is liable if there has been a failure of its systems and infrastructure resulting in fraud. According to the RBI, if a transaction has taken place without the additional factor of authentication and a customer has complained that the transaction was not effected by her, the issuer bank will reimburse the customer.

What do you do if your money is missing?

If you have lost any money, there is no need to panic. You need to immediately inform the bank about the loss. If you don’t inform the bank about the loss or theft, the bank cannot be held liable. You can report the fraud at any time of the day, but you should do so immediately after you come to know about it. Once you report the loss, it is the bank’s responsibility to stop further use of the card. If the cardholder is found to have been negligent, she will have to bear the liability.

In a recent draft circular on customer protection, RBI said a customer will not be liable where the fraud or negligence is on the part of the bank, or for a third-party breach where the customer notifies the bank within three working days of receiving a communication from the bank on any unauthorized transaction. “Where customer’s own involvement is not clearly established, customer liability will be limited to a maximum of Rs5,000 if she reports within 4 to 7 working days and if customer reports beyond 7 working days, customer liability will be determined based on bank’s Board approved policy,” RBI said in the circular.

How do these frauds happen?

According to Axis Bank, many large financial institutions across the globe often receive security threats from various sources. Security experts and information technology (IT) professionals constantly monitor systems to neutralize any threat. Frauds are possible if your card gets cloned or skimmed during transactions on point of sale (PoS) terminals or automated teller machines.

What are the precautions you should take?

There is nothing much a customer can do if the breach has happened at the bank level. “If there is more than one customer involved there is not much customers can do,” said Amit Jaju, executive director, fraud investigation and dispute services, EY.

To be safe in future, you can take precautions such as setting a limit on your card. “Many banks allow you to set cash withdrawal limits and transaction limits. You can do it using net banking. Hence, you are exposed to only a limited amount of fraud,” said Jaju. You should change your personal identification number every six months or as frequently as possible. RBI also mandates banks to send online alerts for all card transactions so that a cardholder is aware of transactions taking place on her card. Update your mobile number and email ID with the bank to receive all transaction alerts.