The incident was detected after the lender’s fraud-monitoring systems noticed an unusual increase in transactions on certain Bank Identification Numbers (BINs) linked to cards issued in partnership with BookMyForex. The unauthorized activity was traced to 15 traders located in the Latin American country and took place in the early hours of February 24 between 3.30 am and 8.30 am IST.
The statement said the country in question does not mandate two-factor authentication for e-commerce transactions, which could have exploited the gap. As a precaution, Yes Bank has banned e-commerce transactions originating from the affected country, they added.
An internal investigation found that while a fraction of fraudulent transactions were approved during the incident window, the bank’s controls prevented hundreds of additional attempts. Yes Bank is now working with BookMyForex to extend the chargebacks, with the aim of fully protecting affected customers from financial loss.
Separately, BookMyForex said in a statement that the data breach did not originate from their servers. “BookMyForex is a technology-driven digital platform for forex services that connects banks and RBI-licensed money changers to provide foreign currency products and services to customers at competitive rates. We do not store customers’ sensitive card information, and our systems have not been breached or compromised during the period in question,” the company said.
Live events
(You can now subscribe to our ETMarkets WhatsApp channel)
