India seems to be, as usual, taking cues from the rest of the world far later than acceptable.
The RBI has now asked banks to uninstall Windows XP from their ATMs, years after the Operating System was discontinued by Microsoft.
RBI has issued an ultimatum to all banks stating they need to upgrade their ATMs and the OSes they run by June 2019. Unfortunately, this order comes a good four years after Microsoft declared it was ending support for Windows XP. It¡¯s also over a year after the financial institution first raised concerns about ATMs running vulnerable operating systems in April 2017.
Why this is important is because, since XP was put out to pasture, Microsoft has ceased to update it in any fashion. That means the OS is now well behind on security updates, putting customers at risk when it¡¯s still running on ATMs that themselves have minimal security. Instead, enterprises have been encouraged to adopt Windows 10, with its superior security features and interoperability.
¡°A reference is also invited to our confidential Advisory No. 3/2017 dated March 06, 2017 and No. 13/2017 dated November 1, 2017 wherein the banks were advised to put in place, with immediate effect, suitable controls enumerated in the illustrative list of controls,¡± RBI said in a circular.?
In addition to the mandate on OS upgrade, the RBI has also declared that banks need to implement other security measures, like changing the BIOS password for ATMs, disabling USB ports and keeping them continuously updated to the latest versions.
Right now, that deadline is set for September 2018 for at least 25 percent of ATMs to be upgraded, with a 50 percent completion pegged for December this year. Every ATM in the country is expected to be updated and ready by June 2019.