Micro-ATM and malware attacks

 

What is Micro ATM?
Micro ATM works with minimal power and connect to central banking servers through a GPRS network. It enables the un-banked rural population to access banking services in their villages or towns. It offers facilities of deposit, withdrawal, balance enquiry, issuance of mini-statement and funds transfer.
 
What are potential threats to Micro-ATM?
  • Skimming: It is the theft of classified credit/debit card data. Using this method, a hacker (thief) can obtain the victim’s card number using a small electronic device near the card acceptance slot and store hundreds of card details at a time.
  • Social engineering attack: It can be engineered at these banking and POS facilities, by gaining trust of the card owner as the fraudster poses as a member of staff.
 
What CERT-in advises?
  • Micro-ATMs security features must be strong and updated in order to check attempts by hackers who stealthily plan to steal private customer and bank data.
  • Point to Point Encryption (P2PE) should be used to minimise this risk as it will encrypt the card data and keep it encrypted to the maximum extent throughout its life.
  • Banks and micro ATM operators must use some counter-measures to thwart cyberattacks.
  • Micro ATM must not transmit any confidential data unencrypted on the network. It must automatically log out the operator and lock itself after a period of inactivity.
  • Operators must keep all micro ATM software, application, anti-virus regularly updated and educate the customer about basic functionalities and security best practises.
  • Customers must render due diligence of securing their PIN and not sharing vital details with strangers

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top