Reserve Bank of India in its Statement on Developmental and Regulatory Policies published on Thursday sets out various developmental and regulatory policy measures for strengthening regulation and supervision; broadening and deepening of financial markets; and improving payment and settlement systems. One of the items on the agenda is executing new guidelines for ATMs. This is in view of the increasing cyber threats for shared services in ATM Switch applications.
The statement said that “A number of commercial banks, urban cooperative banks and other regulated entities are dependent upon third-party application service providers for shared services for ATM Switch applications”. The statement further said that “Since these service providers also have exposure to the payment system landscape and are, therefore, exposed to the associated cyber threats, it has been decided that certain baseline cyber security controls shall be mandated by the regulated entities in their contractual agreements with these service providers”.
The revised guidelines, according to the statement, necessitate carrying out several measures to strengthen the process of deployment and changes in application software in the ecosystem; continuous surveillance; implementation of controls for on storage, processing and transmission of sensitive data; building capacity for forensic examination; and making the incident response mechanism more robust.
The communiqué said that the detailed guidelines in this regard will be issued by December 31, 2019.
