The State Bank of India (SBI) has blocked about 6 lakh cards. 73 cardholders have complained about claims aggregating to Rs. 39.18 lakhs upto November 4, 2016. SBI asserted that systems are robust and its Debit Cards are not at risk.
According to Reserve Bank of India (RBI), an independent investigation by a forensic auditor approved under Payment Card Industry Data Security Standard (PCI-DSS) framework is under process. It has set up a Cyber Security and IT Examination (CSITE) Cell within its Department of Banking Supervision in 2015.
According to the written reply given by Minister of State for Finance Santosh Kumar Gangwar in Rajya Sabha today, the Bank issued a comprehensive circular on Cyber Security Framework in Banks on June 2, 2016 covering best practices pertaining to various aspects of cyber security.
The circular requires banks to have among other things, a cyber-security policy, cyber crisis management plan, a gap assessment vis-a-vis the baseline requirements indicated in the circular, monitoring certain risk indicators in this area, report unusual cyber security incidents within 2 to 6 hours.
RBI has been carrying out IT Examination of banks from last year. RBI has also set up a Cyber Crisis Management Group to address any major incidents reported including suggesting ways to respond and recover to/from the incidents. Department of Banking Supervision also conducts cyber security preparedness testing among banks on the basis of hypothetical scenarios with the help of CERT-In. RBI has also set up an IT Subsidiary, which would focus, among other things, on cyber security within RBI as well as in regulated entities.