Believe it… the ATMs may be running on software that MS has stopped supporting.
We are now accustomed to standfor a long wait in front of an ATM dispenser, to get our payments, that too a single Rs. 2000 note, but there is a likelihood that the cash dispenser runs on a software that Microsoft sopped supporting more than two years ago, thus making it susceptible to the hackers. Where will this result in?
- Card details could be stolen since they were done during early this year, when you feel relaxed with the single 2000 note that the machine dispensed with.
- Around 70% of 2,02,000 ATM machines in India run on Windows XP for which Microsoft has stopped offering security updtes, patches and technical support in 2014.
- Flexibility of ATMs is low since Windows XP is no longer get the support of Microsoft. This means, that there is no possibility of bug fixing, going for any patches and the ATMs are not upgraded to the vulnerabilities.
- The ATM providers put the onus of upgrading the software from Windows XP to Windows 7 on the respective banks which has been the global practice.
- Above, 75% of ATMs in India use unsupported Windows XP which is susceptible to malware.
Further it is pertinent to add that:
- In October this year, 3.2 million Indian Debit cards were compromised in one of the largest breaches of financial data in the country which is attributed to the probable use of cards at a particular bank’s ATM.
- Most of the ATMs in India are not owned by banks, but by payment technology and service providers like Financial Software and Systems (FSS) and FIS Global, who buy the machines from global giants NCR and Diebold.
- FSS manages around 40,000 ATMs covering 34 banks, and NCR provides ATMs to the tune of 47% in the country.
- Most of the ATMs in India are deployed during last four years, and the refresh cycle is around 7 to 10 years.
- Though the ATM providers like NCR and Diebold assure on the hardware, the upgradation of software has to be done by the banks.
- The newer ATMs run on Windows 7 which has an extended support of Microsoft till 2020, though originally the support ended in Jan 2015.
- Banks are deploying compensating control to contain the vulnerability.
It is further learnt that :
- In India, ATM is used only for Cash withdrawals.
- In other countries ATMs are used for depositing cheques for immediate processing, Update passbooks, make a video call to the Teller and other services.
Software and Hardware upgrade is necessary for achieving this which probably will take years for India to reach.