RBI's Big Worry! About 74% Public Sector Bank ATMs Vulnerable to Frauds

By Team CR Monday, 23 July 2018

About 74 percent automated teller machines (ATMs) of public sector banks are running on outdated software - which makes these machines highly vulnerable to frauds. The revelation came in response to a question in the Parliament on whether the softwares used for the ATMs are supported.

Currently, India has over 2 lakh ATMs and approximately 70 percent of them still run on Windows XP - which Microsoft itself stopped supporting in 2014.

Earlier in June, the Reserve Bank of India gave all the banks strict timelines to upgrade their ATMs or else face action. As per the timeline, banks have to implement a host of security measures by August and upgrade all ATMs with supported version of operating in a phased manner by June 2019. 

Last year In April, the RBI through a confidential circular to banks had highlighted concerns about the ATMs running on Windows XP and/or other unsupported operating systems. "The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI," the central bank said in a circular to heads of banks and white label ATM operators.

The central bank said that the vulnerability arising from the ATMs operating on unsupported version of operating system and non-implementation of other security measures could potentially affect the interests of the banks' customers adversely.

"It may be noted that any deficiency in timely and effective compliance with the instructions contained in this circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007," it said.

Banks and white label ATM operators have been asked to implement security measures such as basic input/output system (BIOS) password, disabling USB ports, disabling auto-run facility, applying the latest patches of operating system and other softwares, terminal security solution, time-based admin access by August. The banks will have to implement anti-skimming and white listing solution by March 2019.

Further, all the ATMs have to be upgraded with supported versions of operating system. The RBI has asked all the banks to upgrade not less than 25 percent of their ATMs with supported operating system by September and 50 percent by December. All the ATMs should be upgraded by June 2019.

Banks were also asked to take the circular before the board of directors at ensuing meeting, along with the proposed action plan for implementation of the measures, and report to the RBI by July. "The progress made in implementation of these measure should be closely monitored to ensure meeting the prescribed timelines," the circular had added.

The instruction was issued in wake of increasing number of ATM frauds.

Current Issue