Indian Bank Blocks 600,000 Debit Cards After ATM Malware Incident

Share this…

Biggest credit card replacement in India’s history. The State Bank of India (SBI) said today it decided to block over 600,000 debit cards after rumors of a malware infection on the ATM network of a fellow Indian bank.

According to SBI, all blocked debit cards had been used at non-SBI ATMs suspected to be infected with malware. As such, SBI decided to block the debit cards as a precautionary measure, before attackers started siphoning cash from customer accounts.

Bank customers are now asked to contact the bank and request a “re-carding,” a term that used for debit card replacement. They can do this via the bank’s online portal, or by calling customer support.

Biggest debit card replacement in India’s history

The blocking of affected debit cards came out of the blue, without any prior announcement, so as expected, many people were caught off guard while trying to make payments online and in stores.

According to statistics from the Reserve Bank of India, SBI has over

202.7 million debit cards in circulation, and another 47.5 million debit cards issued by SBI associate banks. The number of blocked debit cards represents only 0.24 percent of SBI’s total debit cards currently on the market.


According to multiple reports in local Indian media, this is the biggest debit card replacement in the country’s history.

SBI’s card replacement might be connected to YES Bank incident

“It’s a security breach, but not in our banks’ systems,” Shiv Kumar Bhasin, SBI’s chief technology officer (CTO) told Times of India. “Many other banks also have this breach — right now and since a long time.”

The card annulment might be related to an incident from last month, when India’s YES Bank confirmed that its ATM network manager, Hitachi Payments, had discovered and was investigating a malware infection on its system.

No other banks have yet come forward to acknowledge a similar breach, but on the same day, Axis Bank, India’s third largest private lender, said it started an investigation into a security breach that doesn’t appear to be related to the SBI and YES Bank reports.

SBI’s gesture is of note and demands praises because Indian legislation does not force banks to even announce security breaches, let alone take precautionary measures.