Banks have the tendency to show less concern regarding the threat of monetary loss due to ATM attacks. Only 19% of banks are worried about attacks on ATM machines, in spite of the growing malware targeting this part of a banks’ infrastructure. This is expected to rise in the coming days if necessary mechanisms are not adopted in time.
The vast majority of India’s ATM cash machines run on Microsoft’s XP operating system. In a notice to the nation’s banks, issued last on June 21st, 2018, the Reserve Bank makes it clear that XP “and other unsupported operating systems” have been on its mind since at least April 2017, when it issued a circular outlining its concerns.
Microsoft first released Windows XP in 2001, seventeen years ago, and stopped supporting the operating system in 2014. This meant that it stopped developing new security patches for Windows XP, which would protect it from software exploits developed by hackers. Despite this, Indian banks continue to run their ATMs software on Windows XP, which is an obvious and glaring security risk.
Indian banks now have till the end of July to send an action plan to the RBI, which requires basic security measures by August this year, followed by updating of ATM security starting from September this year, to be completed by June 2019.
According to eScan, a timely reminder of the growing threats faced by financial institutions can save numerous fraudulent. The users or customers need to be equally alert to these concerns. There are several guidelines which can change the scenario:
1) Never disclose/ write your login details anywhere
2) To do any online transaction, never hand over your smartphone to strangers like restaurant staff, supermarket attendant, the mall employee, fuel station staff etc.
3) Ensure that you have installed a reputed mobile antivirus and regularly scan your smartphone for the presence of any suspicious app or detect and mitigate any suspicious activity.
4) Lastly, there has to be a regular supervision of your banking statements so that the discrepancies (if any) can be informed to the concerned bank.
Read more to be updated on the eScan blog here.
