The Reserve Bank of India (RBI) will by the end of this month reveal steps to improve the safety of automated teller machines, popularly known as ATMs. The central bank’s Monetary Policy Committee (MPC) met on Thursday and decided to keep the key interest rate, the repo rate, unchanged at 5.15%. Besides issuing the policy, the bank also released its ten-point Statement on Developmental and Regulatory Policies. The decision on the ATMs is part of that.
A number of commercial banks, urban cooperative banks and other regulated entities are dependent upon third party application service providers for shared services for ATM switch applications.
The central bank said that since these third party application service providers also have exposure to the payment system landscape and are, therefore, exposed to the associated cyber threats, it has been decided that certain baseline cyber security controls shall be mandated by the regulated entities in their agreements with these service providers.
The guidelines would require implementation of several measures to strengthen the process of deployment and changes in application softwares in the ecosystem; continuous surveillance; implementation of controls on storage, processing and transmission of sensitive data; building capacity for forensic examination; and making the incident response mechanism more robust.
Incidents of cloning, phishing that defraud customers of their money have been on the rise. Banks have responded to these threats and have taken steps to prevent occurrence of such events. Most banks in India, with the notable exception of the country’s largest public sector lender State Bank of India and a few others, have replaced magnetic stripe debit cards with chip-based cards to make payments secure.