India

Lakhs of ATMs in India vulnerable to hackers

12 Dec 2016 | By Supriya
How vulnerable is your neighbourhood ATM?

Over 202,000 ATM machines in India run on Microsoft XP software that hasn't been upgraded in over two years, making them vulnerable to hackers.

The resilience of a huge majority of ATMs is low and this makes for an especially precarious situation.

Just 2 months ago, a massive 3.2 million debit cards were compromised and the breach reportedly originated at an ATM back-end system.

In context: How vulnerable is your neighbourhood ATM?

WhyAre ATM machines in India secure?

ATM machines in India run on Microsoft's Windows XP.

Microsoft stopped issuing security updates and technical support for the software about two years ago in April 2014.

Vivek Belgavi, partner and leader at PricewaterhouseCoopers explained that essentially machines that millions use to withdraw money from and perform other banking transactions haven't been upgraded to protect against vulnerabilities.

DetailsWho is responsible for securing ATMs?

ATM machines in India aren't owned by banks but by payment technology and service providers like FSS and FIS Global.

On behalf of 34 banks, 40,000 ATMs are managed by FSS which in turn buys ATM machines from giants like NCR and Diebold.

Navroze Dastur, managing director, NCR India says that the responsibility to upgrade software lies squarely with the banks.

Love India news?
Stay updated with the latest happenings.

Globally ATM software upgraded; India lagging

ATMs worldwide upgraded from Windows XP to Windows 7. Newer ATM machines deployed in India over last 4 years run on Windows 7 and are supported by Microsoft. Banking head at a software vendor said, "There's lethargy in the system that prevents timely upgrades."

12 Dec 2016Lakhs of ATMs in India vulnerable to hackers

Longer replacement cycles

Globally, ATMs are usually replaced in five year gaps and automatically have newer software. However in India, replacement may happen in 10 year cycles or longer. Decrepit ATM machines are reportedly relocated and not even scrapped despite security issues.
How serious is the threat?

Experts opineHow serious is the threat?

Praveen Bhadada, head of digital transformation at consultancy Zinnov said, "Software and hardware refresh cycles need to shrink if India aims to be a digital transactions economy."

Altaf Halde, MD of cybersecurity company Kaspersky said, "We have come across malware in unsupported Windows XP systems. Almost 75% of ATMs in India use unsupported Windows XP."

Microsoft declined to comment.

Love India news?
Stay updated with the latest happenings.

18 Mar 201729 lakh debit cards compromised last year

The government said that over 29 lakh debit cards were the victims of malware attacks in 2016. The cards in question were those used on ATM machines operated by Hitachi.

Minister of State for Finance Santosh Kumar Gangwar said that despite this, only 3291 cards were successfully compromised by the attackers.

RBI has written to Hitachi about the issue and is awaiting a response.