Bank ATM Transaction: In a move to put a curb on the increase in fraud in ATM cash withdrawals and ensure its safety, the Reserve Bank of India on Thursday announced new guidelines on ATM transactions. In its bi-monthly “Statement on Developmental and Regulatory Policies”, the central bank noted that several banks and other regulated entities depend on third-party application service providers for shared services for ATM Switch applications.
These third-party service providers are exposed to associated cyber threats as they also have exposure to the payment system. Following which the RBI has decided to introduce mandatory baseline cyber controls. The banks and regulated entities can include these measures in their contract agreements with third-party service providers.
“A number of commercial banks, urban cooperative banks and other regulated entities are dependent upon third-party application service providers for shared services for ATM Switch applications,” RBI said.
“Since these service providers also have exposure to the payment system landscape and are, therefore, exposed to the associated cyber threats, it has been decided that certain baseline cybersecurity controls shall be mandated by the regulated entities in their contractual agreements with these service providers,” it added.
The mandatory guidelines would require the service provides to implement several measures to strengthen the process of deployment and changes in application softwares in the ecosystem, continuous surveillance and implementation of controls, the RBI said.
“The guidelines would require the implementation of several measures to strengthen the process of deployment and changes in application softwares in the ecosystem; continuous surveillance; implementation of controls on storage, processing and transmission of sensitive data; building capacity for forensic examination; and making the incident response mechanism more robust,” RBI said.
The detailed guidelines in this regard will be issued by December 31, 2019, RBI said.