The Reserve Bank of India (RBI) is planning to announce additional cybersecurity measures in a bid to make ATMs safer across the country. The central bank is likely to introduce “baseline cybersecurity controls meant for ATM switch application service providers”, it said in its statement pertaining to the development and regulatory policies released during the bi-monthly monetary policy statement.
RBI found that a number of commercial banks, urban cooperative banks and other entities depend on third-party application service suppliers for ATM Switch applications. Since these service providers are exposed to the payments system landscape, it leaves them vulnerable to cybersecurity terrorization. Hence, the RBI said, it is pivotal that the cybersecurity guidelines be made mandatory by the RBI-regulated entities in their contractual accord with these service providers.
In its statement, RBI said that it will be issuing detailed guidelines in this regard by 31 December 2019. The upcoming mandate will strengthen the process of deployment or ensure updates in the software ecosystem of ATMs. RBI will be focusing on the surveillance to level-up the forensic examination of frauds, while also encircling the aspects pertaining to storage, processing and transmission of sensitive data. The central bank aims to make the “incident response mechanism more robust”.