The Reserve Bank of India (RBI) on Thursday announced that it is planning to put in place additional cybersecurity measures in order to make ATMs safer across the country. The central bank is planning to introduce “baseline cybersecurity controls for ATM switch application service providers”, it said in its statement on the development and regulatory policies released with the bi-monthly monetary policy statement.
RBI noted that a number of commercial banks, urban cooperative banks and other entities rely on third-party application service providers for ATM Switch applications. Since these service providers also have exposure to the payments system landscape, it leaves them exposed to cybersecurity threats. Hence, the central bank said, it is important that the cybersecurity guidelines be mandated by RBI-regulated entities in their contractual agreements with these service providers.
In its statement, RBI said it will issue detailed guidelines in this regard by 31 December 2019. The upcoming guidelines will aim to strengthen the process of deployment or bringing updates in the software ecosystem of ATMs. RBI will also focus on surveillance to improve forensic examination in case of frauds, while also covering the aspects of storage, processing and transmission of sensitive data. The central bank aims to make the “incident response mechanism more robust”.
Urban cooperative banks will also be issued a comprehensive cybersecurity framework by RBI, based on their “digital depth and interconnectedness with the payment systems landscape, digital products offered by them and assessment of cybersecurity risk”.
Under the new safety guidelines, urban cooperative banks will have to implement bank-specific email domain, conduct a periodic security assessment of public-facing websites/applications, strengthen cybersecurity incident reporting mechanism, strengthen governance framework and set up security operations centre.
“This would bolster cybersecurity preparedness and ensure that the urban cooperative banks offering a range of payment services and higher information technology penetration are brought at par with commercial banks in addressing cybersecurity threats,” RBI said.