Credit Card Mapping Gone Wrong: ICICI Bank Says No Misuse Reported

ICICI Bank is India’s second-largest private sector bank that provides a wide range of financial products across its diversified portfolio. In an alarming incident, ICICI Bank mistakenly exposed the sensitive credit card details of more than 17,000 customers. The breach happened from a technical error in the digital mapping that incorrectly linked newly issued credit cards to the wrong users in the bank’s banking app called the iMobile Pay application. This included crucial information such as complete card numbers, expiration dates, and Card verification value (CVV) codes which establish a personal identity for the customer, reducing the risk of theft and fraud. The breach posed a risk of potential financial fraud to the affected customers. 

ICICI Bank’s response 

As per ICICI Bank’s statement, the impacted credit cards represented roughly 0.1% of the 16.95 Million cards as of March 2024, The total credit card portfolio of the bank and the incident resulted from a technical glitch that inaccurately associated approximately 17,000 recently issued credit cards with incorrect users on the iMobile Pay app. The disclosure of this information, including the CVV code, presents a threat by enabling unauthorized individuals to carry out transactions, particularly international ones that don’t necessitate an OTP or MPIN which directly jeopardizes the financial security and confidentiality of impacted customers, exposing them to possible fraud. 

Measures taken

Upon identifying the issue, ICICI Bank immediately blocked the affected credit cards and is currently in the process of issuing replacement cards to the affected customers. Furthermore, the bank has taken precautionary measures by limiting access to credit card information on the iMobile Pay app for all users. The bank has directed the customers to check for unauthorized transactions and report it to the customer service department if any. The bank further stated that there have been no reported cases of misuse involving the cards because of the OTP mandate from the affected customers. Nonetheless, they assured that the bank will adequately compensate any customer for any financial losses incurred.

Conclusion: In conclusion, this breach of over 17,000 customers’ sensitive credit card information, including CVV codes, highlights the critical need for maintaining a good technical system. Despite affecting only 0.1% of its credit card portfolio, the potential risk of financial fraud remains significant. ICICI Bank’s prompt actions to block and replace the affected cards emphasize the importance of taking proactive measures in safeguarding customer data to maintain trust in the digital banking system.

Disclaimer: This blog has been written exclusively for educational purposes. The securities mentioned are only examples and not recommendations. It is based on several secondary sources on the internet and is subject to changes. Please consult an expert before making related decisions.