Over 70% PSU banks ATMs at fraud risk, running on outdated software: Centre

By NT Bureau Published on Jul 24, 2018 02:58 PM IST

Chennai: The Centre had recently hinted that around 74 per cent public banks ATMs could be at fraud risk as they are still running on outdated software.

The statement came in response to a query in the Parliament on ATMs running on software that was outdated or unsupported.

The Reserve Bank of India has pulled up banks for not upgrading the ATMs with advance operating systems having the latest security features.

The central bank has asked banks to upgrade the operating systems and beef up security features in Automated Teller Machine (ATM) machines with immediate effect to prevent frauds. Banks have to complete upgrades with the latest operating systems by June 2019.

"The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. The vulnerability arising from the banks' ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks' customers adversely, apart from such occurrences, if any, impinging on the image of the bank," the RBI said.

RBI has given timelines to banks so that new operating systems and security features can be installed. The central bank has also asked a copy of the circular may be placed before the Board of Directors at its ensuing meeting, along with the proposed action plan for implementation of these measures.

Banks need to submit a Board-approved compliance or an action plan detailing the implementation plan by 31 July.

Experts have stated that the progress made in implementation of these measures should be closely monitored to ensure meeting the prescribed timelines, failing which would invite supervisory enforcement action.

Banks have to implement security measures such as BIOS (basic input/output system) password disabling USB ports, disabling auto-run facility, applying the latest patches of operating systems and other software by August this year.

Banks will also have to implement anti-skimming and whitelisting solution by March 2019.