As per the guidelines all the banks have to upgrade their ATMs to the latest version by June 2019.
The RBI issued a notification to all the banks saying "the vulnerability arising from the banks' ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks' customers adversely, apart from such occurrences, if any, impinging on the image of the bank".
The Reserve Bank had earlier taken a note on the lack of use of the POS terminal that is enabled to process EVM chips. Although these new infrastructures are ready to be used, the current ATMs still processes the card transaction based on data from the magnetic stripe.
Thus, the RBI has decided to mandate the EMV chip and pin card acceptance in ATMs all over the nation.
The RBI issued control measures of the ATMs are:
- Implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying the latest patches of operating system and other softwares, terminal security solution, time-based admin access, etc.
- Implement anti-skimming and whitelisting solution.
- Upgrade all the ATMs with supported versions of operating system. Such upgrades shall be carried out in a phased manner to ensure that in respect of the existing ATMs running on unsupported versions of operating system.
The RBI has been constantly asking the banks to upgrade but there has been no response. The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. Many ATMs has been running short of money as well even 18 months after demonetisation.