RBI’s Warning To All Banks: Shut Down Windows XP From ATMs Immediately!
Banks will face action if this order is not executed by the banks.
On April 8th, 2014, Microsoft officially ended all support and updates to Windows XP, their one of the most popular and widely used operating system.
It is indeed a miracle that most of the ATMs in India are still running on this outdated OS.
Reserve Bank of India or RBI has taken cognizance of this matter, and have issued a notification for all banks.
The message is loud and clear: Get rid of Windows XP immediately!
RBI To All Banks: Shut Down Windows XP Now
In the notification by RBI, whose subject is “Control measures for ATMs – Timeline for compliance”, the central bank has said that banks are delaying the replacement of OS, and this is posing major security threats to the customers.
RBI said, “The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI,”
Major Security Threat
In the notification, RBI has clearly stated that in case Windows XP is being used by banks for ATMs, then it poses major security threat to the users of those ATM.
RBI said that the fact that “the vulnerability arising from the banks’ ATMs operating on an unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely”.
Way back in 2014, we had reported that 95% of the ATMs in the country are vulnerable to getting hacked, because they are running on Windows XP, whose support is no longer provided by Microsoft.
Even after 4 years, the things are same. Any major hacking can happen anytime, and banks would be helpless during that time.
Next Steps, As Proposed By RBI
Understanding that banks are being lazy on this front, RBI has now created a timeline of activities, which has been mandated for all the banks.
As per the schedule, every bank should ensure that 25% of their ATMs are upgraded from Windows XP by September 2018; 50% by December 2018; 75% by March 2019 and 100% by June 2019, that is next year.
RBI has clearly stated that any delay won’t be tolerated.
RBI said, “It may be noted that any deficiency in timely and effective compliance with the instructions contained in this Circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007.”
The notice by RBI has been signed by R. Ravikumar, Chief General Manager.
We will keep you updated as we receive more inputs and reactions from the banks.