Imagine it’s 3:30 AM. While most of India is fast asleep, digital thieves thousands of miles away in Latin America are busy swiping money from Indian bank accounts. This isn’t a movie script it’s exactly what happened to Yes Bank this week.The Latin American Loophole Between 3:30 AM and 8:30 AM on February 24, fraudsters targeted the Yes Bank-BookMyForex Multi-Currency Card. They exploited a specific weakness: certain e-commerce merchants in Latin America do not require Two-Factor Authentication (2FA). This means they could process transactions without that familiar OTP (One-Time Password) we usually rely on for security.The Damage and the "Save" By the time the bank's fraud monitoring system sounded the alarm, about ₹2.55 crore ($0.28 million) had already been approved across 5,000 different customers.However, it could have been much worse. The bank’s automated systems managed to block 688 unauthorized attempts in real-time, saving roughly ₹90 lakh from being stolen.What is Yes Bank Doing Now? The bank has taken a "better safe than sorry" approach by:Restricting all e-commerce transactions originating from the identified Latin American country.Initiating "Chargebacks": They are working with card networks to claw back the stolen money so that customers don't face the final loss.Tightening BIN Controls: They've identified specific card number series (BINs) that were targeted and added extra layers of monitoring.The RBI Steps In The Reserve Bank of India (RBI) isn't taking this lightly. They’ve summoned Yes Bank executives to explain how sensitive data—including CVV numbers—was exposed and why the existing cybersecurity framework failed to stop the breach before it hit the ₹2.5 crore mark.For anyone holding a forex card, this is a reminder to keep your international transaction limits in check when you aren't traveling!
Around the web
