Malware and Skimming attacks after demonetization

6/12/2016

  • With the usage of micro-ATMs and POS counters witnessing a sharp surge post demonetisation, the country’s premier cyber security agency CERT-In has cautioned customers, bankers and traders against skimming and malware attacks on these systems and asked them to adopt high-end encryption to plug possible breaches.
  • CERT-In, the nodal agency to combat hacking and phishing attacks and to fortify security-related defences of the Indian Internet domain, has issued two specific advisories for micro-Automated Teller Machines (ATMs) and Point of Sale (POS) terminals.

Advisories of CERT-In:

  • Because micro-ATMs work with minimal power and connect to central banking servers through a GPRS network, their security features need to be strong and kept updated to check attempts by hackers who stealthily plan to steal private customer and bank data, which leads to customers losing their hard-earned money through hacking or electronic theft.
  • Traditionally, data input into the POS system is held in memory in clear text, which allows attackers' memory scrapers to be very successful.
  • The way to minimise this risk is by encrypting the card data as soon as possible and keeping it encrypted to the maximum extent throughout its life within the system. Point to Point Encryption (P2PE) could be used to address the issue of encrypting data in memory.
  • A social engineering attack can be carried out at these facilities by gaining the trust of the owner, with the fraudster posing as a member of staff.
  • The fraudster would then ask the customer to check the card for damage. The fraudster would have gained the confidence of the victim using various tactics, such as offering assistance to a customer who has tried to use the ATM without success, or to a customer who is not familiar with the micro ATM machine and requires assistance.
  • The micro ATM must not transmit any confidential data unencrypted on the network, and it must automatically log out the operator and lock itself after a period of inactivity. All micro ATM software, applications and anti-virus should be kept regularly updated, and customers should be educated about basic functionalities and security best practices.

About Micro ATM:

  • A micro ATM enables the un-banked rural population to access banking services in their villages or towns in a convenient manner and it offers facilities of deposit, withdrawal, funds transfer, balance enquiry and issuance of mini-statement.
