Digital Security Association speaks about Indian banking system

By Balamurugan Selvaraj Published on Jul 03, 2018 02:46 PM IST

Several banks in India still run decade-old operating systems and are now being pushed by the Reserve Bank of India to replace them with newer, more secure ones available in the market.

A circular, 'Control measures for ATMs - Timeline for compliance', sent by the Chief General Manager of the Reserve Bank, emphasises this. The release, published 21 June, stated that banks should use an operating system that will increase customers' faith and online banking security.

The timeline to carry out the task is:

* To implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying latest patches of operating system and other software, terminal security solution, time-based admin access, etc., the deadline is August of this year.

* To implement anti-skimming and whitelisting solutions, the deadline is March 2019.

* RBI has announced a separate chart to complete the upgrade of operating systems installed in all ATMs with supported versions of operating system in a phased manner.

* 25 per cent of ATMs should be upgraded before September 2018.

* 50 per cent of them should be upgraded by December 2018.

* Not less than 75 per cent of them shall be upgraded by March 2019.

* The entire process has to be completed by June 2019.

To understand the ground reality, News Today recently caught up with Rajendran, chairman of the Digital Security Association of India.

Excerpts from his interview:


Q: What do you think about RBI's new move?

A: I welcome their action. But I do not know how they are going to ensure the result.

Q: Microsoft ended the support for XP in 2014. Why has RBI taken initiative for upgradation after four years?

A: It's late, but at least they have taken the interest now to improve the standard of security through new operating systems. I don't know how banks are going to take this seriously. Most of the time, RBI issues orders and fails to ensure that they are followed.

Q: RBI is keen on closing external ports and enabling boot lock. What about virtual access?  

A: Virtual ports are based on software installed in the system. Every bank has different software to handle the operation. It is difficult to find virtual ports that are vulnerable. Rather than banking applications, ATMs are installed with different stand-alone packages to carry out the core banking applications. So, it is difficult for the administration to sit and work on virtual or logical ports alone. Even RBI can't instruct them in this. Instead, RBI can give instructions to increase physical protection of banks and ATMs.

Q: Why is there chaos in online transactions in some places?

A: Whenever a customer loses money through Internet banking, it is more often considered the customer's fault than the bank's. Most of the banks pinpoint the customer for mishandling OTP. But when a bank is robbed, it is considered the bank's money, so they tend to look for insurance to restore the loss. This is when RBI's involvement comes and they issue strict norms when it comes to online transactions.

Q: What is your take on institutions using pirated software?

A: I agree that people in India are tops in the use of pirated or unlicensed software. It is horrible that some financial institutions are also using them. But I don't think it will lead to security issues.