With Microsoft deciding to stop supporting its Windows XP operating system from 8 April, many bank ATMs could face threats from hackers and cyber attacks. Should you be worried?
No, according to many banks. Maybe, says Navroze Dastur, Managing Director, Financial Business, NCR India, which makes ATMs and works in the consumer transactions technology space: “There are around 145,000 ATMs operating in India today, out of which 95-98 percent run using XP as the operating system. And this is a big challenge faced by the banking industry.”
From 8 April, Microsoft will stop offering bug fixers and updated patches for XP which could give hackers and crackers a chance to try their luck. The Reserve Bank of India has taken notice and asked banks to take immediate steps to implement appropriate systems and controls in this regard.
According to the PCI Security Standards Council — which is a global forum responsible for data security standards — a secure network must be maintained for any transactions to be conducted. And if software updates are required, they should be ideally deployed by original equipment manufactures or vendors.
So, are our banks prepared?
Firtsbiz spoke to Rajiv Sabharwal, Executive Director, ICICI Bank, who debunked worries: “Nothing will happen. All banks and service providers are prepared; there is no question of any security problem. I don’t think there will be any problem anywhere. Upgradation of software keeps happening, it’s an ongoing process.”
The same views were echoed by MV Tanksale, Chief Executive, Indian Banking Association, who said, “Banks are definitely well prepared, it’s not that it was yesterday that we came to know about it. I am very sure that you will neither see problems nor will ATMs be shut down due to this issue.”
In fact, it was nine months ago when Microsoft first informed the world about the withdrawal of Windows XP support. Dastur says “48 percent of ATMs in the country are on the NCR network. As of now, we have offered banks compensating control measure software, a.k.a Solid Core, till the time banks decide to upgrade their systems.” Simply put, Solid Core is a comprehensive software for ATM security against potential threats.
So banks are confident that there won’t be any security issues with ATMs post 8 April. However, not many might opt for an XP upgrade anytime soon. Dastur says, “Smaller banks with 100-200 ATMs will go for software upgrades. A few larger banks (with 1,000 plus ATMs) are now on the Solid Core system. The cost of new software upgradation is a huge added cost for larger banks.” After all in many cases, the banks not only have to upgrade the software, but also hardware and deploy field officers to fix one ATM at a time.
In short, banks in India seem to be pretty confident that their ATMs will run in “business as usual” mode. And while it’s true that short-term solutions are possible, banks will eventually have to upgrade their systems. The reason: as per PCI Security Standards Council requirements, if banks fail the PCI audit, they could be slapped with penalties.
The apex bank has already asked banks to take necessary action. Which means, banks will eventually comply. In short, come 8 April, there is a good possibility banks are really prepared and ATM security should not be an issue.
Firstbiz Take: As a bank customer, there’s not much you can do from your side. Of course, unless you decide to withdraw loads of cash before 8 April, and keep it under your mattress, to avoid using an ATM altogether. But, that’s hardly practical.
As a precautionary measure, we suggest, for the love of your own hard-earned money, to keep a close watch on your bank account statement for any discrepancies. If you haven’t registered for SMS alerts from your bank, please do so. It will cost you less than Rs 100 a quarter, but the live alerts will keep you updated of all activities on your account.
If you find any discrepancy, you should get in touch with your bank ASAP. Which means store your bank’s call centre number on your mobile phone. If case you use your debit card at an ATM, but the machine does not spew cash and instead gives you a receipt that a withdrawal was made, your bank has to repay the amount, as per regulatory guidelines, within 7 working days. If they fail to do so, banks have to pay you Rs 100 per day for delays beyond seven working days. Hold your bank accountable.
In short, banks in India may be confident about their preparation to deal with Windows XP withdrawals; but as a consumer, it’s a good idea for you to take the necessary precautionary steps, just in case.