According to the New Indian Express news website, a large number of State Bank of India (SBI) credit card holders are experiencing fraudulent transactions. The matter is being escalated to the cyber crime police. Approximately 60 such complaints have been received in the last 2 months.
Further investigation revealed that credit card data stolen from SBI was compromised and misused because weak encryption was in use. 80% of the affected accounts belong to a leading nationalized bank in India.
Another important point from the feedback received from account holders is that many of them did not even receive the OTP (one-time password), even though their mobile numbers were registered with the bank. Most of the transactions were initiated from abroad, at point-of-sale terminals that do not require a PIN or OTP to authenticate the transaction.
As per RBI rules, domestic transactions require an OTP for online payments and a PIN for point-of-sale payments. For international transactions, however, all that is needed is the card number, CVV and expiry date.
In all the reported cases, the affected credit or debit cards have been blocked immediately and temporary cards have been issued while the investigation is underway.
If we dive a little deeper into the issue, scammers are finding it relatively easy to decrypt the encryption currently in use. Encryption is the method used to secure the sensitive information loaded onto a payment card. Weak encryption means scammers can easily decrypt that information and plant it on a fresh, empty card. The resulting card can then be used as a duplicate of the existing card and becomes the gateway to fraudulent transactions.
To fight this, we need either to raise the encryption level or to change the rules so that international transactions are validated the same way as domestic ones.