Control measures for ATMs - Timeline for compliance

ମୁଖ୍ୟ କଣ୍ଟେଣ୍ଟ କୁ ଯାଆନ୍ତୁ

Notification Marquee

RbiAnnouncementWeb

Asset Publisher

back

ପ୍ରକାଶିତ ତାରିଖ ଜୁନ 21, 2018

listen

Control measures for ATMs - Timeline for compliance

RBI/2017-18/206
DBS(CO).CSITE/BC.5/31.01.015/2017-18

June 21, 2018

To
The Chairman / Managing Director / Chief Executive Officer
All Scheduled Commercial Banks (excluding Regional Rural Banks)
All Small Finance Banks and Payment Banks
White-Label ATM Operators

Madam/Dear Sir,

Control measures for ATMs – Timeline for compliance

Please refer to our confidential Circular DBS.CO/CSITE/BC.8074/31.01.015/2016-17 dated April 17, 2017 (issued to banks) highlighting concerns about the ATMs running on Windows XP and/or other unsupported operating systems. A reference is also invited to our confidential Advisory No. 3/2017 dated March 06, 2017 and No. 13/2017 dated November 1, 2017 wherein the banks were advised to put in place, with immediate effect, suitable controls enumerated in the illustrative list of controls.

2. The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. As you may appreciate, the vulnerability arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely, apart from such occurrences, if any, impinging on the image of the bank.

3. In order to address these issues in a time-bound manner, banks and White-Label ATM Operators are advised to initiate immediate action in this regard and implement the following control measures as per the prescribed timelines indicated there against:

Sr. No.	Control Measures for the ATMs	To be completed by
a.	Implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying the latest patches of operating system and other softwares, terminal security solution, time-based admin access, etc.	August 2018
b.	Implement anti-skimming and whitelisting solution.	March 2019
c.	Upgrade all the ATMs with supported versions of operating system. Such upgrades shall be carried out in a phased manner to ensure that in respect of the existing ATMs running on unsupported versions of operating system,
	i. Not less than 25% of them shall be upgraded by	September 2018
	ii. Not less than 50% of them shall be upgraded by	December 2018
	iii. Not less than 75% of them shall be upgraded by	March 2019
	iv. All of them shall be upgraded by	June 2019

4. A copy of this circular may be placed before the Board of Directors at its ensuing meeting, along with the proposed action plan for implementation of these measures. A copy of the Board-approved compliance/action plan in respect of aforesaid control measures may be sent to us latest by July 31, 2018. The progress made in implementation of these measure should be closely monitored to ensure meeting the prescribed timelines. As the implementation of the foregoing control measures would also require field visit(s) to the ATMs, banks should plan and implement these measures in an optimal manner.

5. It may be noted that any deficiency in timely and effective compliance with the instructions contained in this Circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007.

6. Please acknowledge receipt.

Yours sincerely,

(R. Ravikumar)
Chief General Manager