Complying to the security concerns around automated teller machines (ATMs), the Reserve Bank of India (RBI) on Thursday set certain compliance timelines. This move was taken with effect to the banks making slow progress in addressing the issues pertaining to the ATMs. RBI slated strict timelines to upgrade the ATMs or face strict actions.
As per the timeline, banks have to implement a host of security measures by August and upgrade all ATMs with the supported version of operating in a phased manner by June next year. There were over 2.06 lakh ATMs across the country till February-end.
In April 2017, the RBI through a “confidential circular” to banks had highlighted concerns about the ATMs running on Windows XP and/or other unsupported operating systems. The banks were also asked to put in place, with immediate effect, suitable controls enumerated in the illustrative list of controls.
The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI,” the central bank said in a circular to heads of banks and white label ATM operators.
The upgradation of the ATMs have become a necessary step as the RBI stated that vulnerability rising from the ATMs have dismantled the smooth working of the machines because of the outdated or non-supportive working system and if this continues the customers will be affected demeaning the image of the bank.
Banks and white label ATM operators have been asked to implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying the latest patches of the operating system and other software, terminal security solution, time-based admin access by August. They have to implement an anti-skimming and whitelisting solution by March 2019.
Further, all the ATMs have to upgrade with supported versions of operating system. The RBI has asked them to upgrade not less than 25% of their ATMs with the supported operating system by September and 50% by December.