As a result of a significant number of reported cases of card-skimming at automated teller machines (ATM), the Reserve Bank of India (RBI) has instructed banks across India to install "white-listing" or anti-skimming solutions in the machines by the end of March 2019.
Fraudsters have been reportedly using ATM skimmers, that are add-on devices attached to the cash machines near the card slots to read information from the card's magnetic strip. The data collected is either stored in the device or transmitted to the fraudster who uses it to clone the ATM card.
With the help of the anti-skimming device, the fraudster's skimming can be disrupted from functioning. Similarly, white-listing will prevent the running of any applications besides trusted ones on the ATM.
The RBI also pointed out the inefficiency of the bank in upgrading from outdated operating systems, in a circular. "The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. As you may appreciate, the vulnerability arising from the banks' ATMs operating on unsupported versions of operating systems and non-implementation of other security measures, could potentially affect the interests of the banks' customers adversely," it said.
The RBI has provided a deadline of June 2019 to stop all ATMs to run on Windows XP operating systems or older versions.
Cases of ATM card skimming have been reported in cities like Mumbai, Coimbatore, and Delhi. Last year, some banks including Bangalore-based Canara and Corporation Bank blocked cards on a large scale to protect customers against frauds.
These fraudsters are said to sell the card information internationally and use them for e-commerce transactions. When a bank finds a skimming device in its ATMs, they have to inform all the banks whose cards have been used in those ATMs. Cards of these customers will then have to be replaced with new ones by the issuing banks.