Money & Banking

Banks must put in place additional controls to prevent ATM thefts, says RBI’s IT arm

Our Bureau Mumbai | Updated on November 12, 2019 Published on November 11, 2019

Monitor suspicious traffic, integrate threat intelligence with security mechanisms, says ReBIT report

With the use of malware in ATM thefts seeing a considerable increase over the years, banks need to implement additional controls, including segregation of network and monitoring of suspicious traffic, and periodic threat hunting within their network, according to the RBI’s IT subsidiary Reserve Bank Information Technology Pvt Ltd (ReBIT).

This observation comes in the backdrop of the Lazarus Group, a cryptocurrency hacking group known for affiliations with the North Korean government, developing a new strain of malware to record and steal data from cards inserted into ATM machines in India.

The banking malware – ATMDTrack – has been active in India since last summer, Kaspersky Lab researchers said in a published report, said ReBIT in a report.

Some of the factors contributing to the proliferation of thefts, as per the report, is the lack of implementation of adequate security controls related to the ATMs and the overall network of the organisation. Organisations need to adopt the defence in-depth approach to protect themselves against such thefts.

Apart from implementing security solutions such as anti- malware and following process such as hardening and patch management, organizations should implement additional controls such as: segregation of network and monitoring on its suspicious traffic; training and awareness of the employees; and integration of threat intelligence into security mechanisms.

ReBIT has also suggested periodic threat hunting within an organisation's network; sandbox-based deduction mechanisms; and comprehensive cyber drills, including communication with vendors, card networks and other critical infrastructure dependencies to mitigate the risks of ATM thefts.

Adopting such an approach would not only enable an organisation to prevent or reduce such thefts but also help respond in a more planned and effective way, it added. As at August-end 2019, there were 2,28,170 ATMs across the country.

JokerStash expose

Recently, the Cyber Security and Information Technology Examination (CSITE) Cell of the RBI’s Department of Banking Supervision had issued an advisory asking banks to take necessary action to secure their customers’ card data after it came to light that a large number of credit/debit card information, including ‘Track2 details’, were available on the website ‘JokerStash’. About 1.3 million Indian payment cards were reportedly put up for sale on JokerStash.

CSITE asked banks to perform a preliminary analysis of the disclosed card information to verify the the data. If the leaked data is found to be genuine, CSITE told banks to disable and re-issue the credit and debit cards as per the bank’s policy.

Banks have been advised to monitor credit/debit transaction for the detection of frauds and misuse. Further, customers need to be sensitised to use credit/ debit cards in a secure manner in all modes of transactions – online, point of sale, etc.

CSITE has advised banks to take necessary proactive measures to identify and guard against such misuse of customer credentials.

Published on November 11, 2019
This article is closed for comments.
Please Email the Editor