New Delhi: A cyber security concern has emerged in India’s banking sector following reports of a possible data breach linked to the BookMyForex multi-currency forex card system associated with Yes Bank. Authorities suspect that sensitive card information of millions of customers, including CVV security codes, may have been exposed. Considering the seriousness of the matter, the Reserve Bank of India (RBI) has summoned senior officials of Yes Bank seeking a detailed explanation.
According to reports, suspicious transactions were also detected after a potential breach in the banking system. Internal investigations revealed unauthorized transactions linked to 15 merchant outlets in a Latin American country on February 24. Around 5000 customers were reportedly involved in transactions worth nearly ₹2.54 crore, while 688 suspicious and unauthorized attempts totaling approximately ₹90 lakh were blocked by the system.
FCRF Launches Flagship Certified Fraud Investigator (CFI) Program
Yes Bank has not issued a detailed public statement but clarified that a chargeback mechanism has been initiated to protect affected customers from financial losses. The bank said it is working with card network partners to ensure customers receive relief in case of unauthorized payments. BookMyForex also stated that it does not store sensitive customer card data and found no evidence of any system compromise.
Meanwhile, the RBI has sought answers from Yes Bank regarding several security-related aspects. The regulator wants clarification on how sensitive card data, especially CVV numbers, was protected and whether encryption and cyber security protocols were properly followed. The investigation also aims to determine why existing cyber controls failed to prevent the possible attack.
The RBI is also examining how quickly the breach was detected, the reporting timeline, the effectiveness of third-party risk management oversight, and the number of customers affected. The regulator is reviewing measures taken to block cards, prevent unauthorized transactions, and minimize potential financial damage.
Cybersecurity experts say that data breach incidents are rising with the rapid expansion of digital banking services. Services such as multi-currency forex cards carry higher risk due to data sharing with third-party platforms. Experts advise customers to regularly monitor their card statements and immediately report any suspicious transactions to their banks.
The incident has also sparked a broader debate about cybersecurity infrastructure in the Indian banking system. Regulatory agencies are now emphasizing stronger data protection frameworks for financial institutions to ensure the safety of customer financial and personal information.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
