Page Loader
Lakhs of ATMs in India vulnerable to hackers

Lakhs of ATMs in India vulnerable to hackers

Edited by Supriya
Sep 10, 2017
03:57 pm

What's the story

Over 202,000 ATM machines in India run on Microsoft XP software that hasn't been upgraded in over two years, making them vulnerable to hackers. The resilience of a huge majority of ATMs is low and this makes for an especially precarious situation. Last year, a massive 3.2 million debit cards were compromised and the breach reportedly originated at an ATM back-end system.

Why

Are ATM machines in India secure?

ATM machines in India run on Microsoft's Windows XP. Microsoft stopped issuing security updates and technical support for the software about two years ago in April 2014. Vivek Belgavi, partner and leader at PricewaterhouseCoopers explained that essentially machines that millions use to withdraw money from and perform other banking transactions haven't been upgraded to protect against vulnerabilities.

Details

Who is responsible for securing ATMs?

ATM machines in India aren't owned by banks but by payment technology and service providers like FSS and FIS Global. On behalf of 34 banks, 40,000 ATMs are managed by FSS which in turn buys ATM machines from giants like NCR and Diebold. Navroze Dastur, managing director, NCR India says that the responsibility to upgrade software lies squarely with the banks.

Information

Globally ATM software upgraded; India lagging

ATMs worldwide upgraded from Windows XP to Windows 7. Newer ATM machines deployed in India over last 4 years run on Windows 7 and are supported by Microsoft. Banking head at a software vendor said, "There's lethargy in the system that prevents timely upgrades."

Do you know?

Longer replacement cycles

Globally, ATMs are usually replaced in five year gaps and automatically have newer software. However in India, replacement may happen in 10 year cycles or longer. Decrepit ATM machines are reportedly relocated and not even scrapped despite security issues.

Experts opine

How serious is the threat?

Praveen Bhadada, head of digital transformation at consultancy Zinnov said, "Software and hardware refresh cycles need to shrink if India aims to be a digital transactions economy." Altaf Halde, MD of cybersecurity company Kaspersky said, "We have come across malware in unsupported Windows XP systems. Almost 75% of ATMs in India use unsupported Windows XP." Microsoft declined to comment.

Temporary

The timeline is brewing!

The timeline is brewing!