ICICI Bank has acted upon the exposure of a credit card data breach affecting 17,000 new customers. After it came to light that unauthorised individuals could access the data, the bank announced the blocking of compromised cards and promised the issuance of new ones to affected customers and also refunds for financial losses if necessary. The news came to light as worried ICICI Bank customers took to social media platforms such as X and finance-related forum, Technofino regarding the security of the ICICI bank’s iMobile Pay app. Users said they could see the credit card details of other customers in ICICI Bank’s iMobile Ap, including the unknown card holder’s name, entire credit card number, expiration date and even CVV in their ICICI iMobile Banking app.
Reports initially surfaced on Technofino, a finance-related forum, about users encountering complete card details of unknown individuals while using ICICI Bank's official mobile banking app, iMobile Pay. This breach raised concerns about the security protocols implemented by ICICI Bank to safeguard customer data. iMobile Pay is a mobile application that offers over 400 banking services, and both ICICI Bank customers and non-customers can access it. The app can be used to manage multiple credit cards and transfer funds.
"I have access to someone else’s Amazon Pay CC due to a security glitch on the mobile app. Although OTP restricts domestic transactions I can do international transactions using the details from the iMobile app. The app even allows me to enable international transactions in case it has been disabled by the actual user," a user wrote on Technofino. "Several users have reported being able to view other customers' ICICI Bank credit cards on their iMobile app. Since the full card number, expiry date, and CVV are visible on iMobile, and one can manage international transaction settings, it's easy for someone to misuse another person's credit card for international transactions," Sumanta Mandal founder of Technofino said on X. He also requested RBI to review the security system of ICICI bank.
What Did ICICI Bank Say?
An ICICI Bank spokesperson acknowledged the incident, stating that approximately 17,000 new credit cards issued in recent days had been mistakenly linked to wrong users within the bank’s digital channels. The bank said that these 17,000 accounts just constitute 0.1 per cent of the bank's entire credit card portfolio. Despite this lapse, the spokesperson assured customers that no instances of misuse had been reported thus far and the bank has blocked these 17,000 cards and would issue new ones to customers. Additionally, the bank pledged to provide appropriate compensation for any financial losses incurred by affected customers.
What Customers Should Do?
Despite ICICI Bank's assurances, customers should take immediate action to protect their financial information. If someone has access to your card, they can change settings on iMobile without an OTP or MPIN. The best option is to block the card and replace it because if you just block it someone will be able to reactivate it, according to Mandal. To replace your ICICI Bank credit card with a new number and security code, contact their customer service and request a replacement.
It's important to keep a close eye on your credit card statements and transactions to detect any suspicious activity or unauthorised charges. If you notice any unauthorised transactions, immediately report them to the bank and provide any supporting evidence. Make sure to enable transaction alerts on your credit card to receive real-time notifications for any activity.