Amidst an ever increasing push for the digital economy and growing number of cyber-attacks, the Finance Minister of India, Arun Jaitley has revealed in the Parliament that 70 percent of the total number of ATMs in the country are vulnerable to hacking.
MPs- Dr Sunil Baliram Gaikwad and Shri Gajanan Kirtikar, questioned the minister regarding the 70 percent ATMs that are yet to be upgraded to the latest software. These ATMs are still running on WindowsXP, making them prone to hacking.
The MPs also asked whether the RBI has issued any directives to the government for the upgradation of software of ATMs.
In response, Arun Jaitley said that the government was well aware of the situation and instructions had been issued to ensure that all banks and White Label ATM Operators start processing EMV Chip and PIN cards by September 30, 2017, for enhancing the security of card transaction at ATMs.
He said, "While the Windows XP Operating System (OS) is no longer supported by Microsoft, the vendors providing the ATM software that runs on the XP OS are providing their solutions for managing overall vulnerability of ATMs."
He further added, "RBI, as the authority to regulate and supervise the Payment Systems in the country, has advised all Scheduled Commercial Banks to implement appropriate systems and controls to secure the operating system of ATMs. RBI has issued Cyber Security Framework on 2nd June 2016 covering best practices about various aspects of cyber security for IT infrastructure for banks."
He also said that ATMs are less vulnerable as they run on a closed user network. However, the process to upgrade ATMs is more complicated because the upgradation process also involves the merchants who have sold the machines to the banks in the first place.