Mumbai, Oct. 20: Stung by reports of a security breach in which 32 lakh debit cards of various banks are feared to have been "compromised" by a cyber malware attack, banks have suggested precautionary measures to their customers even as the government played down the threat and asked people not to panic.

Several banks, including the State Bank of India, have either recalled or blocked a large number of cards suspected to have been compromised, while some others have asked their customers to change PINs (personal identification number) and restrict their withdrawals to home bank ATMs.

Fraudulent withdrawals have been reported from 19 banks so far, while complaints have been received from a few banks that their customers' cards were used abroad, mainly in China and the US, while the customers were in India.

"All affected banks have been alerted by card networks that a total card base of about 3.2 million could have been possibly compromised. Out of this 0.6 million are RuPay cards," said the National Payments Corporation of India (NPCI), the umbrella body for all retail payments system in India.

The complaints of fraudulent withdrawals so far have come from 641 customers and the total amount involved is Rs 1.3 crore as reported by various affected banks, the NPCI said.

Seeking to calm worried bank customers, the department of financial services additional secretary G.C. Murmu told a news agency, "Only about 0.5 per cent of total debit card details were compromised while remaining 99.5 per cent cards are completely safe and bank customers should not panic."

There are around 60 crore debit cards operational in India, of which 19 crore are indigenously developed RuPay cards while the rest are Visa and Master Card enabled.

The SBI is said to have re-called around 6 lakh cards, while others such as Bank of Baroda, IDBI Bank, Central Bank and Andhra Bank have replaced debit cards of several customers as a pre-emptive measure. Canara Bank has also asked its customers to change their PINs, failing which the cards would be blocked by tomorrow.

Among the private sector players, ICICI Bank, HDFC Bank and Yes Bank have asked customers to change their ATM PINs. HDFC Bank also advised its customers to use its own ATMs for carrying out any transaction.

The suspected security breach happened through a malware in the systems of Hitachi Payments Services, which serves the ATM network of Yes Bank and also some white-label ATMs.

Yes Bank, however, sought to distance itself from the breach and stressed the need to police service providers in a better way. "There needs to be a lot more vigilance where there are outsourcing partners," Yes Bank chief Rana Kapoor said.

Hitachi Payment Services also defended itself saying its system was not compromised, quoting an interim report by an external audit agency appointed by it.

Hitachi Payment Services managing director Loney Antony said the interim report published in September does not suggest any breach in its systems.

Murmu, however, said data of the users who have transacted from ATM machines of Hitachi have been compromised during May, June and July.