Taking a serious note of the slow progress made by banks in addressing security issues, the Reserve Bank of India today gave them strict timelines to upgrade their ATMs or else face action.
As per the timeline, banks have to implement a host of security measures by August and upgrade all ATMs with supported version of operating in a phased manner by June next year.
There were over 2.06 lakh ATMs across the country till February-end.
In April 2017, the RBI through a “confidential circular” to banks had highlighted concerns about the ATMs running on Windows XP and/or other unsupported operating systems. The banks were also asked to put in place, with immediate effect, suitable controls enumerated in the illustrative list of controls.
“The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI,” the central bank said in a circular to heads of banks and white label ATM operators. The instruction has been issued in the wake of increasing number of ATM frauds.
The RBI said that the vulnerability arising from the ATMs operating on unsupported version of operating system and non-implementation of other security measures could potentially affect the interests of the banks’ customers adversely, apart from such occurrences, if any, impinging on the image of the bank.
It may be noted that any deficiency in timely and effective compliance with the instructions contained in this circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007.RBI
Banks and white label ATM operators have been asked to implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying the latest patches of operating system and other softwares, terminal security solution, time-based admin access by August.
They have to implement anti-skimming and whitelisting solution by March 2019. Further, all the ATMs have to upgraded with supported versions of operating system.
The RBI has asked them to upgrade not less than 25 percent of their ATMs with supported operating system by September and 50 percent by December. All the ATMs should be upgraded by June 2019, as per the timeline notified by RBI.
Banks have been asked to take the circular before the board of directors in ensuing meetings, along with the proposed action plan for implementation of the measures, and report to the RBI by July.
“The progress made in implementation of these measure should be closely monitored to ensure meeting the prescribed timelines,” the circular added.