Officials believe the breach originated from malware on the Hitachi Payment Services platform.

One of the biggest breaches in India has compromised as many as 3.2 million payment cards as banks scramble to replace cards and request users to change security codes.

Officials believe malware on the Hitachi Payment Services platform, which provides ATM and point of sale services, is responsible for the breach, and said 2.6 million of the affected cards are on the Visa and MasterCard platform, according to The Economic Times.

Some believe the malware infection took nearly six weeks to detect and compromised the transactions which took place over the network during this time, the publication said.

Although the malware is believed to have originated from the point of sale service provider, customers from SBI, HDFC Bank, ICICI Bank, Yes Bank, and Axis Bank may have been affected in the breach.

Some of the customers have complained of unauthorized use of their cards in China, and the National Payments Corporation of India has launched a forensic audit to investigate the incident and help prevent fraud.

"All merchants, vendors and financial institutions have to be deeply concerned at this point, as we just don't know whose devices and software can be trusted," VASCO Data Security Director of Omni-Channel Identity and Trust Solutions Shane Stevens told SCMagazine.com via emailed comments. "This was a huge hit to India's financial infrastructure but it will not be the last of our POS attacks until we can drive home the importance of doing a full assessment of all of the POS solutions in the market, from banks to energy to travel."

Malware is typically designed to steal clear data in memory from Point of Sale systems, HPE Security-Data Security Senior Director of Payments George Rice told SCMagazine.com via emailed comments.

“Unfortunately, POS systems are often the weak link in the chain -- they should be considered insecure even after implementing EMV,” Rice said. “A POS application in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.”

He added that proven methods, such as Format-Preserving Encryption, are available to neutralize data from breaches, whether at the card reader, at the point of sale, in person or online.