Multiple blogs have been written on the utility of technology in banking services. So much so that Citibank this year shut down 5% of its branches in India because they were underused, a result of customers’ access to home-bank ATMs and brown label ATMs and their use of netbanking for payments and fund transfers. ATMs are a huge support to working people who do not have time to visit their bank branches to withdraw money, so much so that the ATM and the room that houses it are becoming the new payment gateways, which will further reduce the need to visit branches. In this day and age we are witness to the phenomenon of machines taking over the work of humans. Yet we don’t mind it one bit, as it makes our lives more convenient. More often than not we ignore the fallacies and risks associated with it and choose not to mull over the safety of this phenomenon or how vulnerable it leaves us. Because that’s inconvenient! And soon enough a red flag was raised by the recent Yes Bank ATM software glitch, which left 3.2 million card holders exposed to online fraud.
The scare spread like the bird flu and forced experts to analyse and ask the simple question: “How safe are our ATMs?” And as users, we realised the importance of the oft-used business phrase ‘caveat emptor’: the principle that the buyer alone is responsible for checking the quality and suitability of goods and services before a purchase is made.
Let’s understand as laymen what really happened with our ATM cards…
ATMs can be home-bank (managed by the bank) or non-home-bank (brown label, managed by a third party). The software in brown label ATMs is managed by service providers, which in this case was Hitachi Payment Services. The 90 affected ATMs in the present case connected to the infected server. So the hackers got the information of all the people who used those ATMs and cloned their cards. Since customers often use non-home-bank ATMs, the impact spread to 19 banks. The hack led to misuse of about Rs. 1.03 crores; most of the cloned cards (about 641 in number) were used for transactions in China and the USA, where an OTP is not mandatory for card-related transactions. (Hindustan Times, 24th Oct 2016)
While Hitachi claims no breach in
service, the matter is under investigation. In fact, there are no stringent
regulations for ATMs, debit and credit card services in RBI guidelines.
Solution to the hack…
No one knows. It can only be prevented until the next smart hacker cracks the new code. Banks need to take over control of the ATMs that they outsource to third parties, which they do because it may be too expensive to run ATM counters all over the country, even in places where they do not have a bank branch. The outsourcing partners, in the meanwhile, need to be a lot more vigilant, ensure security control measures and reduce operational risks. As users of these cards, we need to keep changing our PINs frequently.
-Ms. Monica Mor, Sr. Faculty, INLEAD