A glitch in the ICICI Bank mobile banking application, iMobile Pay, has been flagged, with users claiming that they can view sensitive details of other people's credit cards on the platform.
In a post on social media platform X (formerly known as Twitter), Sumanta Mandal, founder of TechnoFino, tagged the bank and the Reserve Bank of India (RBI) to urgently address the issue.
"Several users have reported being able to view other customers' ICICI Bank credit cards on their iMobile Pay app. Since the full card number, expiry date, and CVV are visible on iMobile, and one can manage international transaction settings, it's easy for someone to misuse another person's credit card for international transactions," Mandal wrote.
After multiple users raised alarm, Mandal later posted that the bank seemed to have restricted access to credit card information to rectify the issue.
Responding to Mint, an ICICI Bank spokesperson said the glitch was due to "erroneously mapped" data of 17,000 new credit cards in their digital channels. They added that the affected cards comprise 0.1 percent of the bank's credit card portfolio and no instance of misuse has yet been reported.
"It has come to our notice that about 17,000 new credit cards which were issued in the past few days were erroneously mapped in our digital channels to the wrong users. They constitute about 0.1 percent of the Bank’s credit card portfolio. As an immediate measure, we have blocked these cards and are issuing new ones to the customers. We regret the inconvenience caused. No instance of misuse of a card from this set has been reported to us. However, we assure you that the Bank will appropriately compensate a customer in case of any financial loss," an ICICI Bank spokesperson told Mint.
TechnoFino is an online platform for credit cards and banking products in India, as per its official X account.
In an online post on the platform, Mandal also wrote that the "best option" to protect yourself at present, is to block and replace your card.
"If you can't do anything, and someone has access to your card, they can change settings on iMobile without OTP or even MPIN. The best option is to block the card and replace it; this will provide some temporary relief," he said.
Besides Mandal, site user @googley also posted a screenshot of what was claimed as access to "someone else's Amazon Pay" credit card details.
"I have access to someone else’s Amazon Pay CC due to a security glitch on the iMobile app," the user wrote, adding: "Although OTP restricts domestic transactions but I can do international transactions using the details from the iMobile app. The app even allows me to enable international transactions in case it has been disabled by the actual user."
The conscientious user also said the issue has been flagged. "I have already flagged this to the ICICI team. They are working on this on priority as multiple customers have reported this. I wanted to alert the community folks too regarding the same," user Googley added.
An ICICI Bank spokesperson later said, "As an immediate measure, we have blocked these cards and are issuing new ones to the customers. We regret the inconvenience caused," reported IANS .
The spokesperson further added, "No instance of misuse of a card from this set has been reported to us. However, we assure that the Bank will appropriately compensate a customer in case of any financial loss."
Catch all the Business News , Corporate news , Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.