Lakhs of ATMs in India vulnerable to hackers
Over 202,000 ATM machines in India run on Microsoft XP software that hasn't been upgraded in over two years, making them vulnerable to hackers. The resilience of a huge majority of ATMs is low and this makes for an especially precarious situation. Last year, a massive 3.2 million debit cards were compromised and the breach reportedly originated at an ATM back-end system.
ATM machines in India run on Microsoft's Windows XP. Microsoft stopped issuing security updates and technical support for the software about two years ago in April 2014. Vivek Belgavi, partner and leader at PricewaterhouseCoopers explained that essentially machines that millions use to withdraw money from and perform other banking transactions haven't been upgraded to protect against vulnerabilities.
ATM machines in India aren't owned by banks but by payment technology and service providers like FSS and FIS Global. On behalf of 34 banks, 40,000 ATMs are managed by FSS which in turn buys ATM machines from giants like NCR and Diebold. Navroze Dastur, managing director, NCR India says that the responsibility to upgrade software lies squarely with the banks.
ATMs worldwide upgraded from Windows XP to Windows 7. Newer ATM machines deployed in India over last 4 years run on Windows 7 and are supported by Microsoft. Banking head at a software vendor said, "There's lethargy in the system that prevents timely upgrades."
Globally, ATMs are usually replaced in five year gaps and automatically have newer software. However in India, replacement may happen in 10 year cycles or longer. Decrepit ATM machines are reportedly relocated and not even scrapped despite security issues.
Praveen Bhadada, head of digital transformation at consultancy Zinnov said, "Software and hardware refresh cycles need to shrink if India aims to be a digital transactions economy." Altaf Halde, MD of cybersecurity company Kaspersky said, "We have come across malware in unsupported Windows XP systems. Almost 75% of ATMs in India use unsupported Windows XP." Microsoft declined to comment.
The timeline is brewing!