The bank, however, managed to decline 688 unauthorised transaction attempts, safeguarding roughly $100,000, it said.
“The bank is working with the card network to raise chargeback to ensure that the impacted customers do not face any financial loss,” it said in a statement late on Wednesday.
The bank said the fraudulent transactions were carried out on 15 merchants based in a Latin American country in the early hours of February 24, 2026, between 3:30 am and 8:30 am (IST).
The bank did not name the Latin American country, but said the country does not mandate two-factor authentication for e-commerce transactions.
As a security measure, the bank has subsequently restricted e-commerce transactions from the specific Latin American country, it said, adding that it remains committed to the highest standards of data security and customer protection.
“The bank continues to closely monitor the situation and is working with all relevant stakeholders to ensure customer interests are safeguarded,” it further said.

