SME Times is powered by   
Search News
Just in:   • 'China on solid path of economic recovery from pandemic shock'  • Power PPAs cannot be terminated during insolvency process  • US trade embargo causes $144bn losses for Cuban economy  • GST return filing deadline extended, again  • Huawei reports 9.9% revenue growth in first 3 quarters of 2020 
Last updated: 27 Oct, 2016  

bank-THMB.jpg Banks must login for fully-encrypted ATM security solutions

atm001.jpg
   Top Stories
» GST return filing deadline extended, again
» Industry urges Centre to refuel demand
» 'Need to develop non-ferrous metal industry'
» 'Meeting target of investment in infrastructure challenging'
» 'Rate cut transmission to help ease financial conditions'
Nishant Arora | 27 Oct, 2016
While some of the countrys premier banks are busy blocking debit cards that have been compromised (the numbers run into millions) in one of the financial sectors biggest data breaches, its time for banks to adopt state-of-the-art, fully encrypted ATM security solutions to safeguard consumers, the countrys top cyber experts have suggested.

The State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank are among banks which reported several of their customers' debit cards being compromised following a malware-related security breach in an ATM network. The SBI has blocked nearly 600,000 debit cards so far.

"This incident is a wake-up call for the Indian banking ecosystem to pause and realise that adopting extra-layered, state-of-the-art encryption security to minimise consumer financial data breach has become essential. The breach is attributable to malware which was introduced in ATM systems. The said malware has resulted in unauthorised access of data," Pavan Duggal, one of the nation's top cyber law experts, told reporter.

Malware attacks and cyber threats have affected countries like Japan and Bangladesh in the recent past and banks in India will have to make efforts to ensure that data is protected with multiple levels of authentication and industry-standard encryption, ensuring data security at all points of a transaction.

"It is time that magnetic-stripe cards issued by banks for ATM transactions are replaced at the earliest. While the affected banks are blocking debit cards to minimise the impact, the already ongoing replacement of mag-stripe cards with EMV chip cards will help the banks and consumers," explained Atul Singh, Regional Director-Banking and Transport (India Subcontinent) at the digital security giant Gemalto.

Gemalto works with some of the world's leading enterprises, banks and telcos to help them deploy consumer-friendly technology solutions for payment, banking and other financial services on the mobile and securing confidential information.

EMV -- which stands for Europay, MasterCard and Visa -- is a global standard for credit cards that uses computer chips to authenticate (and secure) chip-card transactions.

"This is in line with the RBI directive to issue EMV chip- and PIN-enabled cards. According to industry estimates, around 400 million mag-stripe cards have to be migrated to EMV standard in the next two years while nearly 120 million cards would have been migrated this year," Singh told IANS.

Further, banks need to work towards gradually enabling EMV chip and PIN-enabled card acceptance and processing at ATMs to enhance the safety and security of transactions.

While the point of sale (POS) terminal infrastructure in the country has been enabled to accept and process EMV Chip and PIN cards, the ATM infrastructure, on the whole, continues to process the card transactions based on data from the magnetic stripe.

"As a result, ATM card transactions remain vulnerable to skimming and cloning, etc., even though the cards are EMV Chip and PIN-based. Therefore, in line with RBI's directive of May 26, 2016, to all banks to upgrade ATMs to accept chip and PIN by September 2017, banks must take immediate steps to implement this in a fast-track mode," Singh added.

Worryingly, Indian cyber laws do not talk specifically about banking frauds.

"The Information Technology Act, 2000, being the sector-specific legislation, was amended in 2008. By virtue of the 2008 amendments, certain cosmetic amendments concerning cyber security were made under the Information Technology Act, 2000. The said amendments are not sufficient and adequate in today's scenario," Duggal informed.

"Further, the ground realities for cyber security breach are distinctly different in 2016 as compared to 2008. As such, there is a distinct need for India to beef up its legal frameworks on cyber security when it comes to banking frauds," he said.

According to Rakshit Tandon, consultant at the Internet and Mobile Association of India (IAMAI) and a cyber security expert, ATM cards are vulnerable, ATM machines are weak and banks' own servers are at hacking risk.

"Banks must introduce biometrics like retina scan, voice scan or fingerprint as double verification at ATMs. PIN numbers must be changed periodically. But the option is only in four-digit and so making strong PINs is out of question as of now," said Tandon.

Watch bank statements closely and contact the bank in the event of any signs of unexpected charges or transfers. Consumers also need to be aware of phishing scams where cybercriminals hijack banking systems and send bogus emails that lure people into sharing personal information or clicking malicious URLS with malware.

"Make all new PIN and account passwords different and difficult to guess. Include upper and lower case letters, numbers and symbols to make passwords harder to crack online," suggested Sunil Sharma, Vice President-Sales and Operations (India & SAARC), Sophos, a global leader in network and endpoint security.

Further, "the Information Technology Act, 2000, needs to be amended to come up with stringent provisions pertaining to a variety of cybercrimes, including banking frauds," Duggal noted.

In the meantime, banks must take a serious note of this incident to concentrate on cyber security and help protect the interest of users and consumers, the experts advised.

(Nishant Arora can be contacted at nishant.a@ians.in)
 
Print the Page Add to Favorite
 
Share this on :
 

Please comment on this story:
 
Subject :
Message:
(Maximum 1500 characters)  Characters left 1500
Your name:
 

 
  Customs Exchange Rates
Currency Import Export
US Dollar
66.20
64.50
UK Pound
87.50
84.65
Euro
78.25
75.65
Japanese Yen 58.85 56.85
As on 25 Oct, 2020
  Daily Poll
COVID-19 has directly affected your business
 Yes
 No
 Can't say
  Commented Stories
» 'Centre open to further economic stimulus'(1)
» Delay in dealing with GST refund delays(1)
» NPAs hurdle to banks' rate cut transmission(1)
 
 
About Us  |   Advertise with Us  
  Useful Links  |   Terms and Conditions  |   Disclaimer  |   Contact Us  
Follow Us : Facebook Twitter