Credit and debit card details on sale: RBI asks banks to probe, if required to reprint cards
Today, reports of a debit and credit card detail selling online came up, exposing a massive danger of privacy on 13 lakh Indian debit and credit card users. Now the Reserve Bank of India has swung into action in order to safeguard the interest of these affected Indian customers.
Card skimming is a type of credit or debit card theft where crooks use a small devices to steal card information. When the card is swiped through the skimmer, the device clones the critical details of the card stored on its magnetic stripe. Thieves use this stolen data to make fraudulent chargers either online or with a counterfeit credit card, or sell the details on the dark web.
RBI had sent a notice to banks saying that they should secure the customer’s data by performing a preliminary analysis of the leaked card information online.
“On finding leaked data to be correct and genuine, disable and re-issue the credit and debit cards as per the bank’s policy,” said the RBI notice dated October 29.
Security researchers at the Singapore-based Group-IB discovered that critical card details of 13 lakh Indians were being sold at a price of $100 per card on the dark web. The value of the leaked database has been estimated to be nearly $130 million by the group.
“We do not disclose the names of banks, but can tell that the database held the credit and debit card dumps related to the largest Indian banks,” Stated Group-IB on Thursday.
Group-IB also stated that it had informed the authorities about the breach.
There were about 51.7 million credit cards and 851.5 million debit cards in circulation as of August, RBI data shows.
“The (RBI’s) Department of banking supervision has sent out this letter as whenever there are some incidents the RBI alerts the banks and send them a cautionary note which is sent to all the scheduled commercial banks,” stated an Industrial official, requesting his name to be anonymous, reported INDIA TODAY.
Banks have also been asked to inform the government’s CERT-In department, which is responsible for emergency response, regarding the steps taken by them.
According to a ZDNet report, these card details have been uploaded on Joker’s stash which happens to be the Internet’s largest and oldest card shop. Similarly, in February, card details for 2.15 million Americans were put up for sale on Joker’s Stash.
The uploaded card details are from multiple banks and not just on which means that it isn’t a case of compromisation of one bank.
Tags : credit card , debit card , RBI