In light of the increase in ATM fraud in India, it's essential that banks more closely monitor the security efforts of the third-party service providers they increasingly rely on to help manage their networks, says Prakash Joshi, COO at Electronic Payment Systems, which deploys and operates ATMs for banks.
ATM security is emerging as a tangible pain point for Indian banks as a result of the recent compromise of 3.2 million debit cards via a malware infection at an ATM switch (see: 3.2 Million Indian Debit Cards at Risk).
Relying on Outsourcers
"It is not possible for a large bank to manage its entire ATM network - for instance, State Bank [of India] operates around 70,000 ATM machines, making it necessary to outsource certain activities to vendors," Joshi says in an interview with Information Security Media Group.
To mitigate fraud risks, banks need to ensure that service providers follow guidelines for handling and managing sensitive data, and are, at the very least, PCI DSS (Payment Card Industry Data Security Standard) compliant, Joshi says.
"Most major banks do their ATM procurement and managed service selection via an RFP [Request for Proposal] bidding process. ... Banks need to ensure that security is built into the specification they define while floating the RFP," he says.
In this exclusive interview, Joshi speaks about the rise of ATM fraud and the need for banks to ensure due diligence while outsourcing. He also discusses:
- The state of ATM security and some common fraud trends;
- The role that regulators can play;
- Recommendations for steps CISOs and others can take to improve ATM security.
Joshi, COO at EPS, has more than 25 years of experience in the information technology industry, with a focus on the financial services sector. He also has experience in the development of ATM hardware, software and services product lines. He formerly managed the western region as profit center head for Diebold in India.