PUNE: Hackers managed to siphon off over Rs 94 crore through a malware attack on the server of Pune-based Cosmos Bank and cloning thousands of the bank’s debit cards over a period of two days, a top official said.
The fraudulent transactions were carried out on August 11 and August 13 and the malware attack by the hackers originated in Canada, Cosmos Bank chairman Milind Kale told reporters here today.
“In two days, hackers withdrew a total Rs 78 crore from various ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India, and another Rs 2.5 crore were taken out within India,” he said.
On August 13, hackers again transferred Rs 13.92 crore in a Hong Kong-based bank by using fraudulent transactions.
He said the malware attack was on the switch, which is operative for payment gateways of Visa and Rupay debit cards.
Kale, however, said the cooperative bank’s core banking system was not affected and it has already appointed a professional forensic agency to investigate the fraud.
“On Saturday afternoon, the bank came to know about malware attack on its debit card payment system and it was observed that unusual repeated transactions were taking place through Visa and Rupay cards used at various ATMs for nearly two hours,” he said.
While cloning the cards and using a “parallel” or proxy switch system, the hackers self-approved the transactions and withdrew over Rs 80.5 crore in about 15,000 transactions, he added.
Explaining further, Kale said the core banking system of the bank receives debit card payment requests via ‘switching system’, but during this malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by this proxy switching system.
He said that as per the payment settlement system, Visa and Rupay raised the payment demand for all these transactions and as per the agreement, bank had to pay this Rs 80.5 crore amount to them.
Talking about the Rs 13.92 crore fraudulent transaction in a Hong Kong-based bank, he claimed that though the money has been transferred to that account, it is still in the baking channel.
“We are in talks with the bank and requesting them to withhold the money,” he added.
As a precautionary measure, the bank has closed ATMs operations and suspended net and mobile banking facilities, according to the official.
“We appeal customers to remain calm and not to get panic as savings, term deposits, recurring accounts of all the stakeholders are fully safe,” Kale said.
The bank has also registered an FIR at the Chatushringi police station in the city. A case was registered under sections 43, 65, 66(C) and 66 (D) of the Information Technology Act and relevant sections of the Indian Penal Code.
When asked about the recovery of the amount, Kale said the malware attack was not against any bank but against the banking system and was done at international level in a very “coordinated way”.
“Since a lot of countries are involved, getting the money back will completely depend on coordinated efforts of all the agencies,” he said.
He said that the actual loss to the bank will be known only after reconciliation with Visa and Rupay.