Credit and debit card details of 13 lakh Indians on sale: RBI tells banks to probe, if required reissue cards

Earlier in the day, reports of a debit and credit card detail selling online came up, revealing a massive risk of privacy on 13 lakh Indian credit and debit card users. Now the Reserve Bank of India(RBI) has swung into action in order to safeguard the interest of these affected Indian customers.

RBI in a notice to banks has said that they should secure the customers’ data by performing a preliminary analysis of the leaked card information online.

“On finding leaked data to be correct and genuine, disable and re-issue the credit and debit cards as per the bank’s policy,” said the RBI notice dated October 29.

Security researchers at Singapore-based Group-IB discovered that critical card details of 1.3 lakh Indians were being sold at a price of $100 per card on dark web. The value of the leaked database has been estimated by the group at $130 million (£100 million).

“We do not disclose the names of banks, but can tell that the database held the credit and debit card dumps related to the largest Indian banks,” Group-IB said in a statement on Thursday, adding that it had informed authorities about the breach.



There were about 51.7 million credit cards and 851.5 million debit cards in circulation as of August, RBI data shows.

“The (RBI’s) Department of Banking Supervision has sent out this letter as whenever there are some incidents the RBI alerts the banks and sends them a cautionary note which is sent to all the scheduled commercial banks,” said an industry official, requesting anonymity.



Banks have also been asked to inform the government’s CERT-In department, which is responsible for emergency response, regarding the steps taken by them.

Regulators have often issued advisories to prevent data breaches which are frequent in India, a country of 1.3 billion people where the use of payment cards and digital wallets is rising rapidly.