CERT-In warns micro-ATMs against malware attacks
The premier cyber security agency CERT-In has cautioned bankers, customers and traders against skimming and malware attacks on micro ATMs and Point of Sale (POS) terminals.
The move comes as usage of POS and micro-ATM counters has witnessed a sharp surge post demonetisation. The agency has asked for the adoption of high-end encryption to plug possible breaches.
In this regard, CERT-In has issued two specific advisories for micro-Automated Teller Machines and POS terminals.
What are potential threats?
- Skimming: It is the theft of classified credit/debit card data. Using this method, a hacker (thief) can obtain the victim’s card number using a small electronic device near the card acceptance slot and store hundreds of card details at a time.
- Social engineering attack: It can be engineered at these banking and POS facilities by gaining the trust of the card owner, with the fraudster posing as a member of staff.
What does the CERT-In advisory say?
- Micro-ATM security features must be strong and updated in order to check attempts by hackers who stealthily plan to steal private customer and bank data.
- Point to Point Encryption (P2PE) should be used to minimise this risk as it will encrypt the card data and keep it encrypted to the maximum extent throughout its life.
- Banks and micro ATM operators must use some counter-measures to thwart cyberattacks.
- A micro ATM must not transmit any confidential data unencrypted on the network. It must automatically log out the operator and lock itself after a period of inactivity.
- Operators must keep all micro ATM software, applications and anti-virus regularly updated and educate customers about basic functionalities and security best practices.
- Customers must exercise due diligence in securing their PIN and must not share vital details with strangers.
Micro ATM: It works with minimal power and connects to central banking servers through a GPRS network. It enables the un-banked rural population to access banking services in their villages or towns. It offers facilities of deposit, withdrawal, balance enquiry, issuance of mini-statement and funds transfer.
CERT-In (Indian Computer Emergency Response Team): It is the nodal agency that deals with cyber security threats like hacking and phishing. It is a government organisation under the Union Ministry of Electronics and Information Technology. It aims to strengthen security-related defence of the Indian Internet domain.