Upgrade OS on ATM machines: RBI to banks
Banks will need to upgrade from Windows XP to a newer OS by September 2019.
Since the widespread attacks of WannaCry on old PCs last year, organisations around the world have started exercising caution when it comes to data security. However, most organisations in India, particularly the banks, didn’t pay any heed to the learnings from the incident and have been still continuing on the older operating systems of yesteryears. All that is about to change as the Reserve Bank of India has taken it upon itself to get secure computing systems implemented with the adoption of modern operating systems.
According to a memo released from the regulatory body, RBI requires all banks to upgrade the operating systems on their ATM machines in a phased manner. The banks will be required to install modern and more secure operating systems on their ATM machines, moving on from the existing Windows XP-based systems.
“The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. As you may appreciate, the vulnerability arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely, apart from such occurrences, if any, impinging on the image of the bank,” says RBI in the memo.
Windows XP was left on its own by Microsoft in 2014, with no official rollout of security patches and new features. Microsoft had been recommending the newer Windows 10 OS for organisations, highlighting its improved security measures and a consistent support from the Redmond giant when it comes to security issues. RBI’s new directive could lead banks to move to latest Windows 10 OS for their machines, ensuring diminished vulnerability to cyber attacks.
Apart from the updated software, RBI has also directed banks to implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying the latest patches of an operating system and other software, terminal security solution and time-based admin access by August 2018. They will also need to implement anti-skimming and whitelisting solutions by March 2019.
(source)