Banks need to beef up ‘on the ground’ security at ATMs : AIBOC

The All India Bank Officers Confederation (AIBOC) has requested the Department of Financial Services (DFS) to take up with Banks as well as State Governments the need to beef up on the ground security at ATM sites as criminals are increasingly manipulating bank software to siphon cash out of unguarded ATMs. The Association expressed deep concern over the spate of ingenuous ATM frauds — Man in the Middle (MiTM) model ATM hackings — that have surfaced in several cities of the country by accessing the server of the bank.

MiTM ATM hacking involves bypassing of systems, whereby cyber fraudsters secretly intercept the two-way encrypted messaging and data transfer between an ATM and its bank servers, and manipulate it to prompt ATMs to spew cash from unguarded ATMs, AIBOC said in a statement.

“It is pertinent to mention that all such frauds are taking place in unguarded ATMs in spite of having e-surveillance installed therein. The lacunae being that such surveillance is not real-time and the fraudsters are taking advantage of the vulnerability of the unguarded ATM kiosks,” said Soumya Datta, General Secretary, AIBOC.

The move of almost all banks to withdraw security guards/caretakers at their ATM Kiosks in an effort to reduce overheads has backfired, Datta said. “Such a decision of the bank management has drained out crores of rupees through sophisticated cyber-attacks on ATMs that far outweigh the so-called savings from withdrawal of guards/caretakers. At this point of time, it appears that the banks and the vendors are sustaining substantial financial loss. The quantum of loss sustained could be a staggering amount if all banks undertake an immediate reconciliation of the accounts,” cautioned Datta.

AIBOC underscored that the need to deploy caretakers to prevent the perpetration of such fraudulent acts as well as to instil confidence amongst the banking personnel and customers. “The immediate challenge confronting the banks is to fortify the safety and security arrangements by deploying caretakers and to bolster the internal security system. All stakeholders are required to upgrade their ATM security to thwart such MiTM attacks,” said Datta