Cosmos Bank’s server allegedly hacked after Rs 94 crore siphoned off: all you need to know

by Elton Gomes

Through a malware attack, hackers managed to transfer more than Rs 94 crore from the server of Cosmos Bank in Pune. Hackers also managed to clone thousands of the bank’s debit cards over a period of two days, a senior official from the bank said.

The fraudulent transactions were reportedly conducted on August 11 and August 13 across 25 ATMs located in Canada, Hong Kong, and India. “A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach,” the official said, Live Mint reported.

The bank maintained that the core banking system (CBS) was not attacked and that the malware attack was on the switch, which is used in payment gateways of Visa and Rupay debit cards. “None of the customers’ accounts were touched and it is the bank which has incurred the loss of this money,” the official told Live Mint.

The bank’s officials registered a complaint at the Chatushrungi police station in Pune. In the FIR, the officials have claimed that Rs 80.5 crore was initially transferred to foreign banks in 14,849 debit card transactions, whereas another Rs 13.9 crore was later transferred in a SWIFT transaction. The complaint states that information on thousands of debit cards has been stolen by suspected cybercriminals in the malware attack.

How the fraud took place

It has been estimated that the hackers might have cloned the bank’s Visa and RuPay debit cards to make the transactions, and may have attacked the switch to verify them. Cosmos Bank has stated that these cards were dummy cards, and did not belong to customers – this means that the hackers “linked” the dummy cards to the bank by using the compromised switch. Hackers may have created a proxy switch in order to interact with the VISA and RuPay gateway, and used the fake switch to carry out the transactions.

Attack on the bank’s IT system

After Rs 94 crore was fraudulently transferred to overseas accounts, the National Payments Corporation of India (NPCI) claimed that its systems were “fully secure” and that the cyber fraud might have occurred due to a malware attack on the bank’s IT system.

“This has happened due to malware based attack on bank’s IT system which has caused a fraud. Under the attack, maximum transactions have been reported from outside India. We wish to reiterate that our systems are fully secure and we are monitoring the situation continuously. We are there to support the bank in identifying the cause of this fraud,” Bharat Panchal, head of risk management at NPCI said, Business Today reported.

Panchal added, “Under the attack, maximum transactions have been reported from outside India…we are monitoring the situation continuously,” news agency PTI reported. According to the report, Cosmos Bank’s chairman Milind Kale said that the bank has already appointed a professional forensic agency to investigate the fraud. Kale further said that as a precautionary measure, the bank has shut its ATM operations and has halted net and mobile banking facilities.


Elton Gomes is a staff writer at Qrius
