ATM overhaul: Following RBI diktat, banks must do their bit now to protect customers' data and check fraud

The largest data breach in India’s banking sector, in 2016 due to a malware injection, is still afresh in our minds. In fact, a recent ASSOCHAM study revealed that credit and debit card frauds have witnessed a six-fold increase in the past three years.

Fraudsters are becoming increasingly sophisticated and efficient in identifying and exploiting vulnerabilities. All businesses including those online are losing revenue owing to mean-scheming hackers and fraudsters every single day.

To protect business and customers from constantly changing fraud threats, there is a need for adopting the latest technologies that offer flexibility, responsiveness, scalability and adaptability without sacrificing accuracy. One must always remember that staying ahead of fraud is a never-ending battle.

Representational image. Reuters.

Representational image. Reuters.

Against that backdrop, the Reserve Bank of India (RBI), on 21 June, 2018, as part of its ‘control measures for ATMs’ correctly directed banks and white-label ATM operators (WLAOs) to implement anti-skimming and white listing solutions by March 2019.

In addition, the directive asks all banks and WLAOs to phase-wise upgrade all ATMs with supported versions of the operating system by June 2019. RBI added that any deficiency in timely and effective compliance with the instructions may invite “appropriate supervisory enforcement action.”

By August 2018, the RBI has directed banks to implement security measures such as the ‘Basic Input Output System’ (BIOS) password, disabling USB ports, disabling auto run facility, applying the latest patches of operating system and other software, adding a terminal security solution and implementing time-based admin access.

The central bank has also asked banks to upgrade all ATMs with supported versions of the operating system. These upgrades should be carried out in a phased manner and are as follows: not less than 25 percent of the ATMs should be upgraded by September 2018; at least 50 percent by December 2018; at least 75 percent by March 2019 and the rest by June 2019.

Why must banks make the switch?

For the financial services sector, the process of upgrading IT tools to the latest versions should be a priority. With the potential consequences of continuing to run outdated and unsupported operating systems so high, especially in devices such as ATMs, banks cannot afford to get left behind. The longer financial institutions put off their migration plans, the more likely they are to fail to complete the process before the deadline.

If banks are still running unsupported operating systems, they will be exposed to a wide range of issues and security threats. This could also potentially affect the interests of the banks’ customers, as well as damage the image of the bank.

Upgrading to Windows 7 and Windows 10 will deliver new value and benefit to banks and their customers. Also, new technology will help banks gain a competitive advantage over their rivals. Upgrades will also benefit the banks in the following ways:

1) Maintain high standards of security and responsibility

2) Cut costs by planning for the long-term

3) Improve customer experience

4) Enhance operations and management efficiencies

5) Save time with quick installation and easy recovery

6) Simplify connectivity

7) Improve stability and longevity

Windows 7 and Windows 10 have emerged as the corporate standard operating system across the world. However, it is beneficial for banks to upgrade to Windows 10 as Microsoft will stop supporting Windows 7 on 14 January, 2020.

While the shift to Windows 10 will ensure that financial institutions will continue to benefit from security patches and other updates to keep their systems protected, migrations should be seen as much more than guarding against potential vulnerabilities. It should also be viewed as an opportunity to embrace the latest technology and keep up with innovation in the industry. Upgrading to the latest operating system also enables banks to modernise their systems and support branch transformation solutions such as the latest self-service tools to improve the user experience.

Windows 10 will also help organisations integrate technology such as Internet of Things (IoT) smart sensors, biometrics and contactless technologies into their ATM fleets. With Windows 10 set for a ten-year life cycle, this can ensure that banks are well set up for many years to come.

Today, upgrading ATMs remains the need of the hour for banks since it is preferable and indeed far more responsible to implement an operating system that is subject to a significant and continuous investment in security vis-à-vis one that has no response available to new criminal attacks.  The clock is ticking for banks that still rely on the old version for their key systems.

India has the third largest number of installed ATMs, behind China and the USA but about 74 percent of all automated teller machines (ATMs) of public sector banks (PSBs) are running on outdated software, which makes these machines highly vulnerable to frauds.

ATm Map of India

With many challenges still to overcome, cash continues to remain the world’s most trusted and fastest form of payment. The ATM remains an extremely important element of the modern retail banking industry. It will continue to play an important role in how banks interact with consumers and deliver services.

Brick-and-mortar, brick-and-click, or completely web-based, it does not matter where payment transactions take place. Organisations must realise that data security and fraud prevention are essential to the success of their entire business. It is no more a ‘choice’ but a ‘priority’.

(The author is managing director, NCR India)


Updated Date: Jul 30, 2018 14:37 PM

Also See