Data of 1.3 million Credit and Debit cards on Dark net, necessary remedial actions taken: MoS Fin

The Government today informed the house that it is duly aware of the reports on availability of credit and debit card details of nearly 1.3 million Indian card holders on a Dark net forum in October 2019. MeitY has further informed that CERT-In has alerted the banks and Reserve Bank of India (RBI) regarding verification of reports and necessary remedial actions.

Besides, the Government has taken measures to enhance the cyber security posture of digital payment systems in the country.

WATCH | Click on Zee Business Live TV Streaming Below:

CERT-In working in coordination with Reserve Bank of India (RBI) and Banks to track and disable phishing websites. CERT-In also issuing regular alerts and advisories regarding latest cyber threats and countermeasures on regular basis.

Government operated Cyber Swachhta Kendras (Botnet Cleaning and Malware Analysis Centre) is providing detection of malicious programs and free tools to remove the same for citizens and organisations. Red the full text of question and the reply by the MoS below:

Question: Will the Minister of FINANCE be pleased to state:

(a) whether the Government has received any complaint regarding hacking and online selling of credit and debit card data of more than 12 lakh people by hackers;

(b) if so, the details thereof along with the steps taken by the Government to deal with the said issue;

(c) whether the bank or the Government is liable to provide compensation for the loss caused due to data theft; and

(d) if so, the details thereof?

ANSWER: MINISTER OF STATE IN THE MINISTRY OF FINANCE (ANURAG SINGH THAKUR)

(a) & (b) : The Indian Computer Emergency Response Team (CERT-In) set up under Ministry of Electronics & Information Technology (MeitY) has informed that it is duly aware of the reports on availability of credit and debit card details of nearly 1.3 million Indian card holders on a darknet forum in October 2019. MeitY has further informed that CERT-In has alerted the banks and Reserve Bank of India (RBI) regarding verification of reports and necessary remedial actions.
Besides, the Government has taken following measures to enhance the cyber security posture of digital payment systems in the country:

i) CERT-In working in coordination with Reserve Bank of India (RBI) and Banks to track and disable phishing websites.

ii) CERT-In issuing regular alerts and advisories regarding latest cyber threats and countermeasures on regular basis.

iii) Empanelment of security auditing organisations to support and audit implementation of Information Security Best Practices.

iv) Government operated Cyber Swachhta Kendras (Botnet Cleaning and Malware Analysis Centre) are providing detection of malicious programs and free tools to remove the same for citizens and organisations.

v) Government has set up the National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats.

vi) Cyber security mock drills are being conducted regularly to enable assessment of cyber security posture and preparedness of organisations in Government and critical sectors. 50 such drills have so far been conducted by CERT-In where 450 organisations from different States and sectors such as Finance, Defence, Power, Telecom, Transport, Energy, Space, IT/ITeS, etc participated. Out of these drills, 12 drills were conducted in coordination with the Reserve Bank of India and The Institute for Development and Research in Banking Technology for financial sector organisations.

vii) Ministry of Electronics & Information Technology (MeitY) is conducting programs to generate information security awareness.

(c) and (d): RBI has apprised of issuing instructions to banks regarding limiting the customer liabilities in unauthorized / fraudulent electronic transactions, vide circular DBR.No.Leg.BC.78/09.07.005/ 2017-18 dated July 6, 2017. The salient features of the
framework are as under:

(i) Zero Liability: A customer need not bear any loss if the deficiency is on the part of the bank and in cases where the fault lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication about the unauthorised transaction.

(ii) Limited Liability:
• Where the loss is due to the customer’s negligence, the customer has to bear the entire loss until he reports the unauthorised transaction to the bank; and
• Where the fault lies neither with the customer nor with the bank and lies elsewhere in the system and the customer reports between four to seven working days of the unauthorised transaction, the maximum liability of the customer ranges from ₹5,000 to ₹25,000, depending on the type of account/ instrument.

Liability as per Board approved policy: If the unauthorised transaction is reported beyond seven working days, the customer liability shall be determined as per the bank’s Board approved policy.