You are here: Home » Economy & Policy » News
Business Standard

Lack of strong laws makes ATMs vulnerable to cyber attacks

The country needs a dedicated digital payment law and a cybersecurity framework

Ayan Pramanik & Shivani Shinde Nadhe  |  Bengaluru | Pune 

Lack of strong laws makes ATMs vulnerable to cyber attacks

India needs a legal framework to direct to safeguard their infrastructure against cyber attacks, say experts, as a large number of the country’s 200,000-plus run on an outdated software of Microsoft. 

Since April 2014, Microsoft has not been offering support for machines running on its Windows XP platform, making devices vulnerable to cyber attacks by hackers. But, continue to operate running on the defunct software putting to risk the banking ecosystem, besides data and money of millions of customers. 

“The absence of framework for is like a dream come true for hackers. For banks, updating the software of and putting in a place a framework should be a mandatory provision, not an optional exercise,” says Pavan Duggal, a cyber law expert. 

“The country needs a law that defines the duties of the stakeholders, starting from the banker to users,” he added.

In the recent past India’s banking system has seen vulnerabilities exposed by cyber attackers, who earlier leaked some 3.2 million debit cards of customers across the country. The hackers inserted a trojan through a vulnerable ATM that compromised the data of customers. 

Majority of the are managed by financial and technology services providers such as Financial Software and Systems (FSS) and FIS Global and not by the FSS and FIS Global purchase the ATM machines from companies such as NCR and Diebold. FSS manages 35,000 for 30 major in India. 
 
NCR is reportedly the biggest ATM machine provider in the country with a 47 per cent market share. 

Some of the existing are migrated from the old system to Windows 7 during the past couple of years. But, the number is very small. 

While most of these run on outdated systems, what worries experts is the absence of a framework to prevent any kind of crime.

“Modern day have enhanced security features, such as encrypted hard-drives that can prevent hackers from targeting these machines. However, for older that is still running on Windows XP, protecting against hackers is more challenging, especially when the are already deployed in all sorts of remote locations. While the ATM’s money is locked inside a safe, the computer generally is not. Without adequate physical security for these older ATMs, the attacker has an upper hand,” says Atul Anchan, director — systems engineering (India) at Symantec. 

During the past four weeks, cyber crimes related to financial institutions and have gone up sharply, says Duggal. “Unless there is a penal consequence, such incidents will keep happening.” 

Duggal adds that the country needs a dedicated as well as a framework to prevent such crimes, since the Information Technology Act, 2000 is silent on  

RECOMMENDED FOR YOU

Lack of strong laws makes ATMs vulnerable to cyber attacks

The country needs a dedicated digital payment law and a cybersecurity framework

The country needs a dedicated digital payment law and a cybersecurity framework
India needs a legal framework to direct to safeguard their infrastructure against cyber attacks, say experts, as a large number of the country’s 200,000-plus run on an outdated software of Microsoft. 

Since April 2014, Microsoft has not been offering support for machines running on its Windows XP platform, making devices vulnerable to cyber attacks by hackers. But, continue to operate running on the defunct software putting to risk the banking ecosystem, besides data and money of millions of customers. 

“The absence of framework for is like a dream come true for hackers. For banks, updating the software of and putting in a place a framework should be a mandatory provision, not an optional exercise,” says Pavan Duggal, a cyber law expert. 

“The country needs a law that defines the duties of the stakeholders, starting from the banker to users,” he added.

In the recent past India’s banking system has seen vulnerabilities exposed by cyber attackers, who earlier leaked some 3.2 million debit cards of customers across the country. The hackers inserted a trojan through a vulnerable ATM that compromised the data of customers. 

Majority of the are managed by financial and technology services providers such as Financial Software and Systems (FSS) and FIS Global and not by the FSS and FIS Global purchase the ATM machines from companies such as NCR and Diebold. FSS manages 35,000 for 30 major in India. 
 
NCR is reportedly the biggest ATM machine provider in the country with a 47 per cent market share. 

Some of the existing are migrated from the old system to Windows 7 during the past couple of years. But, the number is very small. 

While most of these run on outdated systems, what worries experts is the absence of a framework to prevent any kind of crime.

“Modern day have enhanced security features, such as encrypted hard-drives that can prevent hackers from targeting these machines. However, for older that is still running on Windows XP, protecting against hackers is more challenging, especially when the are already deployed in all sorts of remote locations. While the ATM’s money is locked inside a safe, the computer generally is not. Without adequate physical security for these older ATMs, the attacker has an upper hand,” says Atul Anchan, director — systems engineering (India) at Symantec. 

During the past four weeks, cyber crimes related to financial institutions and have gone up sharply, says Duggal. “Unless there is a penal consequence, such incidents will keep happening.” 

Duggal adds that the country needs a dedicated as well as a framework to prevent such crimes, since the Information Technology Act, 2000 is silent on  

image
Business Standard
177 22

Lack of strong laws makes ATMs vulnerable to cyber attacks

The country needs a dedicated digital payment law and a cybersecurity framework

India needs a legal framework to direct to safeguard their infrastructure against cyber attacks, say experts, as a large number of the country’s 200,000-plus run on an outdated software of Microsoft. 

Since April 2014, Microsoft has not been offering support for machines running on its Windows XP platform, making devices vulnerable to cyber attacks by hackers. But, continue to operate running on the defunct software putting to risk the banking ecosystem, besides data and money of millions of customers. 

“The absence of framework for is like a dream come true for hackers. For banks, updating the software of and putting in a place a framework should be a mandatory provision, not an optional exercise,” says Pavan Duggal, a cyber law expert. 

“The country needs a law that defines the duties of the stakeholders, starting from the banker to users,” he added.

In the recent past India’s banking system has seen vulnerabilities exposed by cyber attackers, who earlier leaked some 3.2 million debit cards of customers across the country. The hackers inserted a trojan through a vulnerable ATM that compromised the data of customers. 

Majority of the are managed by financial and technology services providers such as Financial Software and Systems (FSS) and FIS Global and not by the FSS and FIS Global purchase the ATM machines from companies such as NCR and Diebold. FSS manages 35,000 for 30 major in India. 
 
NCR is reportedly the biggest ATM machine provider in the country with a 47 per cent market share. 

Some of the existing are migrated from the old system to Windows 7 during the past couple of years. But, the number is very small. 

While most of these run on outdated systems, what worries experts is the absence of a framework to prevent any kind of crime.

“Modern day have enhanced security features, such as encrypted hard-drives that can prevent hackers from targeting these machines. However, for older that is still running on Windows XP, protecting against hackers is more challenging, especially when the are already deployed in all sorts of remote locations. While the ATM’s money is locked inside a safe, the computer generally is not. Without adequate physical security for these older ATMs, the attacker has an upper hand,” says Atul Anchan, director — systems engineering (India) at Symantec. 

During the past four weeks, cyber crimes related to financial institutions and have gone up sharply, says Duggal. “Unless there is a penal consequence, such incidents will keep happening.” 

Duggal adds that the country needs a dedicated as well as a framework to prevent such crimes, since the Information Technology Act, 2000 is silent on  

image
Business Standard
177 22