Yes Bank-BookMyForex forex card breach costs customers Rs 2.5 crore, affects 5,000 users

Following an alleged data breach in the Yes Bank-BookMyForex multi-currency forex card, Yes Bank said in a statement to ET that the bank had flagged unusually high unauthorized transactions on its multi-currency prepaid forex cards on February 24. About Rs 2.5 crore worth of transactions were approved for around 5,000 customers even as 688 attempts were blocked, preventing losses of around Rs 90 lakh.The incident was discovered after the lender’s fraud monitoring systems recorded an unusual spike in the number of declined transactions on specific bank identification numbers (BINs) linked to cards issued in partnership with BookMyForex. The illicit activity was traced to 15 traders in a Latin American country and took place in the early hours of February 24, between 3:30 AM and 8:30 AM IST.

The statement said the country in question does not require two-factor authentication for e-commerce transactions, a gap that may have been exploited. As a precautionary measure, Yes Bank has restricted e-commerce transactions from the affected country, they added.

An internal investigation found that while some fraudulent transactions were approved during the incident period, the bank’s controls stopped hundreds of additional attempts. Yes Bank has now partnered with BookMyForex to collect chargebacks, with the aim of ensuring that affected customers are fully protected from financial losses.

Separately, BookMyForex said in a statement that the data breach did not occur from their servers. “BookMyForex is a technology-driven digital forex services platform that connects customers to RBI-licensed banks and money changers to offer foreign currency products and services at competitive rates. We do not store customers’ sensitive card information and our systems have not been breached or compromised in the relevant period,” the company said.