Banks all over the country are not making much progress in regard to improve the security concerns of ATM (Automated Teller Machine). Viewing such slow progress RBI has implied compliance timeline.
RBI has stated that any delay in the applying effective security measure will lead to “appropriate supervisory enforcement action”.
Explaining this move RBI stated that “The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI”
The increasing vulnerability of banks due to the ATMs operating on the unverified version of operating system and no proper implementation of any efficient security measure can effect the customer’s interest.
Such situation can work against the bank and they can end up in losing customers. “In order to address these issues in a time-bound manner, banks and White-Label ATM operators are advised to initiate immediate action in this regard and implement the following control measures as per the prescribed timelines,” added RBI.
Banks are asked to imply first set of security measure by August 2018. It will include instigating security methods like Basic Input Output System (BIOS) password, inactivating USB ports, restricting autorun service, running the updated patches of the operating system and other software’s, crucial safety solution and timely admin admission.
ATM lenders are ordered to apply whitelisting and anti-skimming solution by March 2019. RBI has also ordered the lenders to elevate ATMs security by implementing support version of operating system.
All the up gradation of security software will be implied in four phases. At least 25 percent of ATMs are expected to work on new up gradation by September 2018 and 50 percent target should be achieved by December 2018
Rest 75 percent is expected to be complete by March 2019 and remaining after that by June 2019.
Banks will be facing the penalty in case they fail to meet the deadline set by RBI “It may be noted that any deficiency in timely and effective compliance with the instructions contained in this circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007,” said RBI.