Yes Bank Officials Summoned by RBI Over Alleged Forex Card CVV Data Breach

Yes Bank Faces RBI Scrutiny Over Data Breach Incident

The Reserve Bank of India (RBI) has summoned top officials from Yes Bank to investigate a major data breach linked to the Yes Bank-BookMyForex multi-currency forex card. According to sources, the breach compromised sensitive customer data, including CVV numbers of several customers.

RBI's Investigation Demands

The central bank has requested a detailed account from Yes Bank's senior management, including:

Read also: Sony, 3one4 Capital Support WeRize in Latest Funding Round, Fintech Eyes 2028 Initial Public Offering

• The root cause of the incident
• The timeline of the breach
• The strength of its cybersecurity architecture
• How confidential card data was exposed, particularly CVV numbers
• Immediate containment steps taken

Yes Bank's Response

The bank has stated that an internal investigation detected fraudulent transactions involving 15 merchants in a Latin American country on February 24. Transactions worth about Rs 2.54 crore were approved across 5,000 customers, while 688 unauthorized attempts amounting to nearly Rs 90 lakh were blocked. Yes Bank is coordinating with the card network to process chargebacks and prevent financial losses.

BookMyForex Denies Involvement

Read also: Expert Portfolio Manager Raja Venkatraman Names Top Investment Picks for June 4

Separately, BookMyForex has stated that it does not retain customers' sensitive card details and maintains that its systems were neither breached nor compromised during the period under review.

RBI's Further Investigation

The RBI is examining various aspects of the incident, including:

• How sensitive card data was stored and secured
• Whether encryption and prescribed security protocols were followed
• Why existing cyber controls failed to prevent the incident
• The timeline of detection and disclosure
• The adequacy of third-party risk oversight
• The number of affected customers
• Measures taken to block cards, curb misuse, and limit potential losses

Corrective Actions

The RBI has also asked for details on internal accountability, possible supervisory gaps, and corrective safeguards being implemented to prevent a recurrence.