Demonetisation: Cybersecurity body warns micro-ATMs against malware attacks | Latest News India - Hindustan Times
close_game
close_game

Demonetisation: Cybersecurity body warns micro-ATMs against malware attacks

ByPTI
Dec 04, 2016 01:43 PM IST

With the usage of micro-ATMs and point-of-sale counters witnessing a sharp surge post demonetisation, the country’s premier cyber security agency, CERT-In, has cautioned customers, bankers and traders against skimming and malware attacks on these systems and asked them to adopt high-end encryption to plug possible breaches.

With the usage of micro-ATMs and point-of-sale counters witnessing a sharp surge post demonetisation, the country’s premier cyber security agency, CERT-In, has cautioned customers, bankers and traders against skimming and malware attacks on these systems and asked them to adopt high-end encryption to plug possible breaches.

The CERT-In, the government’s nodal agency to combat hacking, phishing attacks and to fortify security-related defences of the Indian Internet domain, has issued two specific advisories for micro-Automated Teller Machines (ATMs) and POS terminals.(Sakib Ali/HT Photo)
The CERT-In, the government’s nodal agency to combat hacking, phishing attacks and to fortify security-related defences of the Indian Internet domain, has issued two specific advisories for micro-Automated Teller Machines (ATMs) and POS terminals.(Sakib Ali/HT Photo)

The CERT-In, the government’s nodal agency to combat hacking, phishing attacks and to fortify security-related defences of the Indian Internet domain, has issued two specific advisories for micro-Automated Teller Machines (ATMs) and POS terminals.

Hindustan Times - your fastest source for breaking news! Read now.

The advisory states that as micro-ATMs work with minimal power and connect to central banking servers through a GPRS network, their security features need to be strong and updated to check attempts by hackers who stealthily plan to steal private customer and bank data which leads to loss of their hard earned money by way of hacking or electronic stealing.

“Traditionally, data input into the POS system is in memory in clear text which allows attackers, memory scrapers to be very successful.

Read | Digital transactions in banking sector going up: SBI

“The way to minimise this risk is by encrypting the card data as soon as possible and keeping it encrypted to the maximum extent throughout its life within the system. Point to Point Encryption (P2PE) could be used to address the issue of encrypting data in memory,” the advisory, accessed by PTI, said.

It explains that skimming is the theft of classified credit/debit card data.

“A thief can obtain the victim’s credit card number using a small electronic device near the card acceptance slot and store hundreds of victims’ credit card numbers,” it said.

Read | Petrol pumps get into digital overdrive, play up wallets

A social engineering attack can be engineered at these facilities, it added, by gaining trust of the owner as the fraudster poses as a member of staff.

“The fraudster would then ask the customer to check the card for damages. The fraudster would have gained confidence from his prey using various tactics such as offering assistance to the customer who perhaps would have tried to use the ATM without success or perhaps the customer who is not familiar with use of micro ATM machine and requires assistance,” it said.

A micro ATM enables the un-banked rural population to access banking services in their villages or towns in a convenient manner and it offers facilities of deposit, withdrawal, funds transfer, balance enquiry and issuance of mini-statement.

The agency has asked the banks and micro ATM operators to exercise some counter-measures to thwart such attacks.

“The micro ATM must not transmit any confidential data unencrypted on the network; it must automatically log out the operator and lock itself after a period of inactivity; keep all the micro ATM software, application, anti-virus regularly updated and educate the customer about basic functionalities and security best practises,” the advisory by Computer Emergency Response Team-India (CERT-In) said.

Read | Demonetisation: Are mobile wallets safe enough?

Unveiling 'Elections 2024: The Big Picture', a fresh segment in HT's talk show 'The Interview with Kumkum Chadha', where leaders across the political spectrum discuss the upcoming general elections. Watch now!

Get Current Updates on India News along with Latest News and Top Headlines from India and around the world.
SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Sunday, March 17, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On