Include anti-skimming tools in ATMs: RBI to banks

The Reserve Bank of India (RBI) has asked all banks to implement anti-skimming solutions in ATMs to protect customers from phishing.

In a letter addressed to the heads of all scheduled commercial banks (SCBs), the central bank asked them to install anti-skimming and whitelisting solutions by the end of the current financial year.

Late last year, many banks, including Bengaluru-based Canara Bank and Corporation Bank, had blocked cards on a large scale to prevent fraudulent transactions.

The apex bank has also warned banks of strict action if they miss the deadline.

“Any deficiency in timely and effective compliance with the instructions contained in this circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007,” the letter said.

The RBI has also asked banks to upgrade all ATMs with supported versions of operating systems in a phased manner. According to the directive, 25% of this upgradation must be completed by September and the rest by March 31, 2019. The ATM operating systems must be fully upgraded by June next year.

In April 2017, the RBI, through a “confidential circular” to banks had highlighted concerns about ATMs running on Windows XP and/or other unsupported operating systems.

The RBI had also issued two “confidential advisories” to banks on March 6, 2017 and November 1, 2017, advising banks to put in place suitable controls enumerated in the illustrative list of controls, with immediate effect.

However, the RBI lashed out at banks for the slow progress.

“The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. As you may appreciate, the vulnerability arising from the banks’ ATMs operating on unsupported versions of operating systems and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely,” the letter said.