CERT-In warns micro-ATMs against malware attacks

CERT-In warns micro-ATMs against malware attacks The premier cyber security agency CERT-In has cautioned bankers, customers and traders against skimming and malware attacks on micro ATMs and Point of Sale (POS) terminals. The move comes as usage of POS and micro-ATMs counters have witnessed a sharp surge post demonetisation. It has asked to adopt high-end encryption to plug possible

breaches. In this regard, CERT-In has issued two specific advisories for micro-Automated Teller Machines and POS terminals. What are potential threats? Skimming: It is the theft of classified credit/debit card data. Using this method, a hacker (thief) can obtain the victim’s card number using a small electronic device near the card acceptance slot and store hundreds of card details at a time. Social engineering attack: It can be engineered at these banking and POS facilities, by gaining trust of the card owner as the fraudster poses as a member of staff. What the CERT-In advisory says? Micro-ATMs security features must be strong and updated in order to check attempts by hackers who stealthily plan to steal private customer and bank data. Point to Point Encryption (P2PE) should be used to minimise this risk as it will encrypt the card data and keep it encrypted to the maximum extent throughout its life. Banks and micro ATM operators must use some counter-measures to thwart cyberattacks. Micro ATM must not transmit any confidential data unencrypted on the network. It must automatically log out the operator and lock itself after a period of inactivity. Operators must keep all micro ATM software, application, anti-virus regularly updated and educate the customer about basic functionalities and security best practises. Customers must render due diligence of securing their PIN and not sharing vital details with strangers. Micro ATM: It work with minimal power and connect to central banking servers through a GPRS network. It enables the un-banked rural population to access banking services in their villages or towns. It offers facilities of deposit, withdrawal, balance enquiry, issuance of mini-statement and funds transfer. CERT-In (Indian Computer Emergency Response Team): It is the nodal agency that deals with cyber security threats like hacking and phishing. It is government organisation under Union Ministry of Electronics and Information Technology. It aims to strengthen security-related defence of the Indian Internet domain.

cert-in-warns-micro-atms-malware-attacks