On Thursday, the Reserve Bank of India (RBI) released a Statement on Development and Regulatory Policies as part of its bi-monthly monetary policy review. The report said that the central bank will be introducing "baseline cyber security controls for ATM switch application service providers of RBI regulated entities."
These measures come after multiple debit/ATM card skimming incidents at ATMs in the last couple of years.
RBI observed that many commercial banks, urban cooperative banks and other regulated entities are dependent upon third party application service providers for shared services for ATM switch applications.
"Since these service providers also have exposure to the payment system landscape and are, therefore, exposed to the associated cyber threats, it has been decided that certain baseline cyber RBI To Increase Security Measures Used For ATMscontrols shall be mandated by the regulated entities in their contractual agreements with these service providers," it said.
The central bank will provide guidelines that would require changes in software used in ATMs and continuous surveillance.
"The guidelines would require implementation of several measures to strengthen the process of deployment and changes in application softwares in the ecosystem; continuous surveillance; implementation of controls on storage, processing and transmission of sensitive data; building capacity for forensic examination; and making the incident response mechanism more robust," the report said.
"Detailed guidelines in this regard will be issued by December 31, 2019," it added.