At a time when serpentine queues continue to grow outside ATMs across the country following the demonetisation move, a top executive of Intel Security has warned that ATMs in India are susceptible to security breaches.
Intel Security, with its McAfee product line, is the world’s largest dedicated security technology company.
In banks, a breach can happen at multiple levels — like at an ATM, data centre, network or through mobile banking. “The ATM today is an easy target for hackers to hit a network,” Anand Ramamoorthy, Managing Director, Intel Security, South Asia, said.
ATM attacks have affected several countries in the recent past. A hacker group called Cobalt targeted ATMs across Europe last month and remotely attacked the machines using malicious software that manipulated the systems which led the machines to automatically dispense huge amounts of cash.
Banks in India will have to make efforts to ensure that ATMs are protected with multiple levels of authentication and industry-standard encryption, ensuring data security at all points of a transaction.
According to experts, banks need to work towards gradually enabling EMV chip and PIN-enabled card acceptance and processing at ATMs to enhance the safety and security of transactions.
“It is time that magnetic-stripe cards issued by banks for ATM transactions are replaced at the earliest. While the affected banks are blocking debit cards to minimise the impact, the already ongoing replacement of mag-stripe cards with EMV chip cards will help the banks and consumers,” Atul Singh, Regional Director-Banking and Transport (India Subcontinent) at the digital security giant Gemalto, said.
EMV — which stands for Europay, MasterCard and Visa — is a global standard for credit cards that uses computer chips to authenticate (and secure) chip-card transactions.
“We have seen a big focus on ATM attacks in the Asia-Pacific (APAC) region, including India. ATMs in underdeveloped countries are particularly vulnerable as those countries still have old ATM software and are running Windows XP. This makes them the perfect target for an easier score,” US-based cyber security company FireEye said recently.
In a tweet, Prime Minister Narendra Modi recently urged people to “embrace e-banking, mobile banking and more such technology”, but Ramamoorthy warned that as mobile banking becomes popular, it will involve greater risks.
“You have to become aware as you become more digitised,” noted Ramamoorthy, adding that mobile has become more of a financial gateway and its implications are huge for the country.
Earlier this year, following a malware-related security breach, the State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank blocked millions of debit cards that were compromised in one of the biggest data breaches in the financial sector.
“To protect ATMs from cyber-attacks in the future, Intel Security has deployed an ‘Embedded App’ control which not only protects ATMs at the site but also the network which it is connected to,” Ramamoorthy said, adding that the app is set for an update in 2017.