Several ICICI Bank credit card customers were alarmed on April 24 when they discovered a significant security lapse within the bank’s iMobile Pay app. Users took to social media platforms to report that they could view other customers’ ICICI Bank credit cards through the app.
Security Breach Details
The gravity of the situation escalated as users found that sensitive information such as full card numbers, expiry dates, and CVVs were readily visible. This glaring oversight meant that malevolent individuals could easily exploit the situation, altering security settings to misuse someone else’s credit card, particularly for overseas transactions.
Sumanta Mandal, the founder of TechnoFino, a platform that evaluates debit and credit cards, labeled it as a “security glitch” inherent in ICICI Bank’s iMobile Pay app.
What is iMobile Pay?
iMobile Pay stands as ICICI Bank’s flagship mobile banking application, offering an array of over 400 banking services. Accessible to both ICICI Bank customers and non-customers alike, the app facilitates various functionalities, including card management, fund transfers, loan applications, and opening fixed or recurring deposits.
Official Response from ICICI Bank
In response to inquiries from Moneycontrol, an ICICI Bank spokesperson attributed the glitch to a recent issuance of 17,000 new credit cards. These cards were mistakenly associated with incorrect users, leading to the exposure of sensitive information.
The spokesperson assured that the affected credit cards constituted a mere 0.1 percent of the bank’s credit card portfolio, with no reported instances of misuse. As an immediate remedial measure, ICICI Bank has deactivated these compromised cards and initiated the issuance of replacements. Additionally, access to credit card details on the iMobile Pay app has been temporarily restricted for all users.
Action Plan for Affected Customers
Given the potential risks posed by the breach, affected customers are strongly advised to take proactive measures. Sumanta Mandal suggests blocking the compromised card and requesting a replacement as the primary course of action to mitigate risks.
Should any financial loss occur, customers are encouraged to promptly contact the bank via customer care or utilize internet banking facilities to block the card and file a complaint, providing evidence of the transaction through email or messages.
The ICICI Bank spokesperson reiterated the institution’s commitment to compensating customers for any financial losses incurred as a result of the security lapse. In light of the breach, customers are urged to remain vigilant and proactive in safeguarding their financial assets.
