Warning of Malware Breach was Issued by SISA the Renowned Security Firm

On Tuesday, SISA the security firm alerted all banks and those who initiate payments, to change passwords for staffs that can access payment server. The warning came after the discovery of malicious software in the server of payment switch of an unknown bank. Hackers infused a malicious script to the application server of payment switch. The payment networks are managed by this hub, a spokesperson of SISA told TOI.

The malicious software that is injected in the application server of payment switch is capable to accumulate card details that initiate payments. With this data, hackers can make a duplicate card and with the help of that card they can perform further transactions. The virus affected software send fake replies into the payment server in the application log of the switch. In this way they enable the transactions. Even after the recognition of the malicious software, no one can clearly say whether the hackers have spared customer's account or not, as per the post on economictimes.indiatimes.com as of 20/12/2017.

The biggest debit card information hack in 2016 was investigated by SISA. Debit cards of about 3.2 million were affected in 2016 data breach, which affected its systems for malware injection. Those customers who used the affected ATMs, the malware registered debit card number and pin numbers, SISA confirmed. Financial losses were saved as Bank blocked the debit card and asked to change the debit card pin for some customers. Quality of payment security is inadequate, that is why such hacks are happening. Companies should pay more importance to the security standard. It's not like checking the box approach. The security should be strong.

Data breach was not informed by lenders to fellow banks. But RBI made a compulsory rule to inform about such breach two years back. Also, without utilizing names, the central bank issued an alert to peer banks.The RBI additionally orders banks to acquire worldwide payment card industry information security standard. The auditor of bank's PCI-DSS compliance, SISA has said, few banks who are utilizing easy passwords for staff's payment server login and has asked for two-factor verification.

» SPAMfighter News - 12/27/2017