Beware! 3 out of 5 ATMs in India use outdated technology, prone to hacking

The worrying fact is cash loaders don't use the 'one-time combination' method, which is akin to OTP

Post-demonetisation, all ATMs across the country were recalibrated to dispense the new Rs 2,000 and Rs 500 notes. However, security issues are a prime concern, as many ATMs still rely on outdated technology.

Three out of five ATMs in India use outdated technology and lack basic security features, a Hindustan Times report said. 

Generally, cash is loaded in ATMs by logistics companies and not banks. These companies transport the currency notes from bank currency chests to branches and ATMs and maintain the machines too.  

The worrying fact is cash loaders do not use the "one-time combination" (OTC) method which is used by most developed countries. Under this system, the loaders are given a one-time combination number – a kind of password – to access the ATM. As the loading exercise is completed, the combination expires and cannot be re-used. It helps in tracking the exercise and minimises fraud.

Besides that most of the country’s 2,20,000 ATMs are not monitored by working closed-circuit television cameras (CCTV). “We have urged the banks several times to install OTC locking system at the ATMs so that monitoring improves, unfortunately most banks do not pay heed,” HT quoted NSG Rao, secretary of Cash Logistics Association as saying. He added that banks had no data on whether the CCTVs installed in ATMs were in working condition.

On a daily basis, about Rs 14,000 crore is carried by cash vans across India, the report added. 

Over 70 per cent of the 200,000 ATM machines in the country are running on Microsoft’s outdated Windows XP operating system, leaving it vulnerable to cyber attacks, a report published in The Quint in December said. 

In late 2016, following a malware-related security breach, the State Bank of India (SBI), HDFC Bank, ICICI Bank, Axis Bank and YES Bank blocked millions of debit cards that were compromised in one of the biggest data breaches in the country's financial sector. 

Recently, several cases of ATMs dispensing fake notes were reported. On Monday, ICICI Bank ordered a probe into an incident where a customer in Rohtak in Haryana reportedly got Rs 2,000 notes bearing 'Children Bank of India'.

Similarly, SBI ATMs dispensed fake Rs 2,000 notes in Uttar Pradesh's Shahjahanpur and Delhi last week.

Following the Delhi incident,  a 27-year-old man working with an ATM cash loading company was arrested on charges of exchanging five original Rs 2,000 bills with the 'Children's Bank of India' notes that were dispensed from the SBI ATM.