In what could signal a major risk for PSU bank ATMs, the government on Friday indicated that nearly 74% of the machines are running on outdated software. The statement on state-run banks came in response to a query in the Parliament on ATMs running on software that was outdated or unsupported. Notably, these machines may be vulnerable to fraud, due to lower security features.
Earlier, the Reserve Bank of India had issued a circular directing all banks in India to upgrade their software by June 2019. According to the directive, all banks operating in the country – both public and private must shift from the Windows XP platform on their ATMs by June 2019. The missive from the RBI, as per its circular dated June 21, comes exactly four years after Microsoft announced in 2014 that all the versions of the venerable Windows XP build are deemed discontinued.
The circular issued by the apex bank regulatory body outlines the vulnerability ‘arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures’. It thereby reminds the banks to refer to a confidential memorandum that was sent to them in April last year. In addition to the mandate on OS upgrade, the banks have been informed by RBI to implement other security measures such as overhauling BIOS password for all the ATMs, disabling USB ports, and applying the ‘latest patches of operating system’ among others.
The ATMs that are still running Windows XP or other unsupported versions of the operating system must be upgraded to the latest OS counterpart in a phased manner. While September 2018 has been set as the deadline for at least 25 per cent of ATMs to be upgraded, 50 per cent of them needs to run the latest version by December 2018. The entire line of ATMs operating in India must be updated to the newest version by June 2019.