State of ATMs in India Right Now
- 70 percent of 2 lakh ATMs in India still run on Microsoft’s Windows XP operating system.
- Microsoft stopped supporting Windows XP in 2014.
- Most ATMs are now attacked via malware.
- Experts says it will take 6 months to migrate ATMs from older OS to the latest version.
- It has become easier to build malware.
Hacking is a hotly debated subject across the country right now, and it’s fair to say that the ATM next door is also in danger. It has been reported that over 70 percent of the 2 lakh money-dispensing ATM machines in our country are running on Microsoft’s outdated Windows XP operating system, leaving it vulnerable to cyber attacks.
Support for Windows XP was discontinued by Microsoft in 2014 which means that since then the company hasn’t rolled out any security updates for this Windows version.
While it doesn’t make sense for banks to continue using outdated software, security experts feel that the practice stems from legacy behaviour, when physical attacks were a bigger threat than software hacks.
Most banks were equipped to handle common ATM attacks like ATM card or PIN skimming. Which is why they have relied on building a secure network across the central banking system and monitoring financial activities. This gave them the false notion that running on outdated operating systems wouldn’t be an issue.Nilesh Jain, Country Manager - India and SAARC, Trend Micro
But as we have seen over the past few years, there has been a rise in the number of malware attacks, and this according to Jain has catapulted a change in attitude from the banks, forcing them to make changes on the software front as well.
This change, however, is not going to happen overnight. However, security companies like Trend Micro have assured us that system software updates are underway.
Migration from outdated OS to the latest one is a humongous exercise which involves large-scale investment of money and manpower. It will take approximately 6 months to upgrade the existing systems in 70 percent of India’s ATMs, which are running on older OSs.Nilesh Jain, Country Manager - India and SAARC, Trend Micro
Earlier this year, following a malware-related security breach, the State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank blocked millions of debit cards that were compromised in one of the biggest data breaches in India’s financial sector.
Also Read:
Debit Card Fraud: How Safe Are Mobile Banking And Digital Wallets?
In banks, a breach can happen at multiple levels – like at an ATM, data centre, server network or through mobile banking. The ATM today is an easy target for hackers.Anand Ramamoorthy, Managing Director, Intel Security, South Asia
According to experts, banks need to work towards gradually enabling EMV chip and PIN-enabled cards at ATMs to make transactions secure.
The Threat of Malware
Malware is a software which is specifically designed to disrupt or damage a computer system.
Ignorance is bliss, they say, but in matters of financial security, it can be viewed as a recipe for disaster. Things are changing for the good, as Nilesh highlights here:
Most banks were concerned about physical attacks on ATM machines, but now they understand the threat posed by malware.
But why do people wait for such attacks to happen to bring about a change? To which, he says:
The strength of malware has increased over the past year or two. It is hard to keep a track of how quickly these evolve. This is where banks get caught on the wrong foot.Nilesh Jain, Country Manager - India and SAARC, Trend Micro
Anyone can build malware and infect a system, and the built-in security system won’t even detect it.
It is easy to develop malware in 2 weeks, to be used by the nexus of organised cyber criminals to infiltrate into any system across the world and help others to do so.
If there’s any respite from all this unwanted chaos is that security experts like Trend Micro and few others are working with banks to improve their current software ecosystem. These measures can only work in the short-term, so we’re hoping that major security overhauls happen in due course.
(Source: Economic Times)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)