The Weekly Obiter


July 04, 2018

On observing the vulnerability arising from the nationalized banks’ Auto-mated Teller Machine (hereinafter mentioned as “ATM”) which have been functioning on unsupported version of operating system and had no implementation of security measures. Reserve Bank of India (hereinafter referred as “RBI”) brought forward a notification mentioning the control measures for ATMs and also specified the time period in which it has to be completed. They also stated that in order to address’ these issues in a time-bound manner, nationalized banks and White-Label ATM Operators are advised to initiate immediate action in this regard and to implement the following control measures in the prescribed timelines.
The prescribed control measures are as follows:
 Implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying the latest patches of operating system and other soft wares, terminal security solution, time-based admin access.
 Implement anti-skimming and whitelisting solution.
 Upgrade all the ATMs with supported versions of operating system.
The RBI also notified that such upgrades shall be carried out in a phased manner in respect of the existing ATMs running on unsupported versions of operating system. All of the ATMs shall be upgraded by June 2019.
Moreover, a copy of the circular along with the proposed action plan in relation to these will have to be placed before the Board of Directors in its fol-lowing meeting. Posterior to which the Board-approved action plan has to be sent to the RBI latest by 31.07.2018. Since the implementation of the control measures would require field visits to ATMs, therefore banks are expected to plan and implement these measures in the manner best suited. Any deficiency in effective and timely compliance with the instructions may attract supervisory enforcement action under the provisions of Banking Regulation Act, 1949 and Payment and Settlements Act, 2007.