NPCI tightens security as criminals target ATMs, e-banking

About 60% of 650 million cards issued in India use only magnetic strips making them vulnerable to skimming


The recent arrest of a Romanian national in Mumbai in connection with fraudulent cash withdrawals at ATMs in Kerala’s capital Thiruvananthapuram has brought the issue of card security into focus even as more Indians use credit, debit and ATM cards to either pay for goods and services or withdraw cash.

Separately, the Reserve Bank of India (RBI) on Thursday sought comments from the public on its draft circular on ‘Customer Protection — Limiting Liability of Customers in Unauthorised Electronic Banking Transactions’ in the backdrop of a rise in cases of online banking frauds.

The Hindu spoke to A.P. Hota, Managing Director & CEO, National Payments Corporation of India (NPCI), an umbrella organisation for all retail payments in India, on the card usage environment in India and steps being taken to secure card-based transactions. “We have put in place Fraud Risk Management (FRM) solutions to alert the member banks of suspicious transactions,” Mr. Hota said. With about 60 per cent of the 650 million debit and credit cards issued in India still using the older magnetic strip technology, according to industry estimates, a large number of card users are vulnerable to frauds like skimming.

Criminals can capture data on the card’s magnetic strip using electronic devices (a process known as skimming) and then use that information to make fake cards that are used to defraud the card holder and card issuer.

The remaining 40 per cent of cards have been migrated to the secure chip-based EMV (Europay, MasterCard, Visa) format. According to an RBI directive, all old magnetic strip cards issued by banks will have to migrate to EMV by December 2018.

“If a skimming device is installed at an ATM, it can be noticed and card users must be very careful while withdrawing cash,” Mr. Hota said. “However thin it may be, the skimming device attached to the ATM keyboard can be noticed and one must report it the bank immediately,” he said.

In case skimming occurs at an ATM, all card issuers have the capability to detect the fraud through point of compromise analysis. All such companies have solutions and support banks to deal with such situations.

For instance if two transactions take place at two different places which are located at a distance, then the card companies alert the banks immediately. If a card is used more than 30 times in a day, it is blocked automatically at the 31st transaction. After the 10th transaction, the banks alert the customer.

Dip-card machines

In order to prevent fraud at its ATMs, Axis Bank lays emphasis on monitoring the ATM counters. According to Sanjay Silas, president and head-branch banking at Axis Bank, the lender has a system of e-surveillance which helps prevent frauds.

“We saw a person entering the ATM with a screw driver and a small packet…and a team was sent to the spot,” said Mr. Silas. Highlighting the importance of constant monitoring, Mr. Silas said Axis Bank has a back-end unit which keeps monitoring transactions at various ATMs.

The chances of skimming are less in ATMs that operate dip card reading machines as compared to machines that retain the card during the transactions, Mr. Silas said. Axis Bank had moved to dip card reading machines since 2012-13, he said.