Indian Banks Forced to Migrate ATM Machines from Windows XP

CHANDIGARH, INDIA - NOVEMBER 10: ATM room at Panjab university branch on November 10, 2016 in Chandigarh, India. It was a manic rush outside most banks across the country on Thursday. People were seen waiting outside many banks as early as 6 a.m. to exchange the now defunct Rs. 500 and Rs. 1,000 notes, deposit them in their accounts and withdraw money. As part of sweeping steps to battle black money, Prime Minister Narendra Modi announced that Rs. 500 and Rs. 1,000 currency notes will cease to be legal tender from midnight of Tuesday. (Photo by Anil Dayal/Hindustan Times)

The Central Banking Authority of India RBI has demanded all banks to update their ATMs running Windows XP to a newer operating system by the end of June 2019 or face charges. The RBI has issued this statement on Thursday, June 21st The notification has also provided the details and timelines of upgrading the machines to the latest operating system in the nations ATM network.

At present, the Banks of India have 2 months to upgrade their ATM machines to the latest version of the operating system. The Banks must also set BIOS passwords and disable the USB ports as well as set up a time-based admin calendar.

Anti-skimming machines must also be implemented which is also in the notification sent by the RBI. The biggest headache for the banks would be to migrate their software to the latest version of the Operating Systems.

According to statistics, there are a lot of ATMs machines which are still running Windows XP an OS that Microsoft has stopped supporting since 2014. RBI wants to move the entire ATM to a new supported OS by June 2019.

Indian Banks must have the latest OS running on more than 25% of the machines by the end of the September this year and all the ATMs by the end of June 2019. “The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI,” RBI wrote in its notification.

“In order to address these issues in a time-bound manner, banks and White-Label ATM Operators are advised to initiate immediate action in this regard and implement the following control measures as per the prescribed timelines:”

Sr. No. Control Measures for the ATMs To be completed by
a. Implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying the latest patches of operating system and other softwares, terminal security solution, time-based admin access, etc. August 2018
b. Implement anti-skimming and whitelisting solution. March 2019
c. Upgrade all the ATMs with supported versions of operating system. Such upgrades shall be carried out in a phased manner to ensure that in respect of the existing ATMs running on unsupported versions of operating system,
i. Not less than 25% of them shall be upgraded by September 2018
ii. Not less than 50% of them shall be upgraded by December 2018
iii. Not less than 75% of them shall be upgraded by March 2019
iv. All of them shall be upgraded by June 2019

This move is very serious as the Banks are going to invest a lot of money updating their ATM networks in the coming months. There are also some new warnings that were sent out on 2017 when the ATMs in India have suffered a lot of security related incidents in the previous year.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil