Hackers based in foreign countries carried out a malware attack on the servers of Pune’s Cosmos Bank and siphoned off Rs 94 crore over just two days earlier this month, according to a police complaint.
In the complaint filed at Pune’s Chatushringi police station, hackers cloned several thousand debit cards issued by the bank and withdrew the money from ATMs located in Canada, Hong Kong and India. “The Core Banking System (CBS) of the bank was not hacked into and the malware attack happened on the “switch” that connects to Visa and RuPay payment gateways,” an official from the Cosmos Bank said.
Bank officials told the police that the hackers built a parallel system similar to that of the National Payment Corporation of India (NPCI) and approved transactions from 450 dummy international debit cards via this gateway which allowed them to withdraw the money.
The fraud was detected by Visa and RuPay which detected the breach in their systems and informed the Reserve Bank of India, Cosmos Bank officials said.
The money was stolen on August 11 and August 13 through 25 ATMs located in different countries, according to the bank. On the first day, Rs 78 crore was stolen using more than 12,000 transactions. On August 13, Rs 13.92 crore was transferred to a bank in Hong Kong. The same day 2,849 fraudulent transactions were carried out within India where Rs 2.5 crore was stolen, according to the FIR filed by Cosmos Bank.
The bank said in a statement that none of its customers were affected and the bank incurred the loss on its own account.
The bank has now suspended all net banking facilities to its customers and shut down all its servers. Milind Kale, Chairman, Cosmos Bank, said the money was withdrawn from ATMs in 21 countries.