adsense

Showing posts with label ATM Security. Show all posts
Showing posts with label ATM Security. Show all posts

Sunday, September 2, 2012

Cash Retraction in Indian ATM’s finally withdrawn. Collect Cash before leaving the ATM!!!!!!!



            Due to the rising of frauds in India on the cash retraction facility in India, the Indian regulators were looking at various alternatives to minimize such instances.

            A detailed discussion took place in the NFS steering committee meeting held on 07/04/2011. One of the suggestions received was to disable the ATM retraction facility. As this was a new step, a pilot run was conducted on selected ATM’s.

          As expected, not a single complaint on cash retraction was received by member banks. On the basis of the pilot run feedback, NPCI sought RBI’s approval to adopt the disabling of ATM retraction facility across Pan-India ATM’s.

            RBI agreed to the NPCI’s proposal and communicated their acceptance vide Lr.No.DPSS.CO.PD NO1230/02.07.2011/2011-12 dt.09/01/2012.
    
        The initial deadline for the member banks to disable the cash retraction in their respective ATM’s was 31/03/2012. Subsequently, it was extended to August 31st, 2012.

            With the August31st, 2012 deadline too over, all Banks in India, have disabled the cash retraction facility in their ATM’s.

            This step was disseminated to the bank customers vide SMS’s, Notice Board messages, messages in Statement of Accounts.

            The press too widely reported this new service. Majority of the banks have also highlighted this on their websites eg:- Axis Bank, HDFC Bank, SVC Bank, Indian Overseas Bank. Plus, by the word-of-mouth publicity, the message would have spread across the banking customers.

            The cash disbursement at the ATM’s depends on the model of the particular ATM. In some ATMs, there is a Cash dispenser, wherein the cash falls into the dispenser. In some ATM’s, the money remains at the mouth of the ATM, which the customer has to take it.

Ideally, the cash in all ATMs’ should have a cash dispenser, wherein the cash falls into it and the customer collects it from there.  
What is Cash Retraction?




Wednesday, February 15, 2012

RBI releases Draft Guidelines for White Label Automated Teller Machines (WLAs) in India.



Q) What are White Label ATM's?
Ans) Do not worry, their will be labels on the ATM's stating the owner. The only difference is that the Owner will not be a Bank but non-bank entities.
Traditionally, Banks are owners of ATM's, but ATM's owned by non-bank entities are referred to as the White Label ATM's.

A a white label ATM is owned, run and maintained by a third-party service provider. There has a demand in India for introduction of White Label ATM's, as it was felt that this would speed up the ATM penetration in India, and reduce the load on the Banks.

The number of ATM's in Urban India is increasing day by day, but the same cannot be said in rural interiors.
Hence, to encourage non-bank entities to enter the ATM arena, Reserve Bank of India, has issued Draft Guidelines for White Label Automated Teller Machines (WLAs).

The top 20 highlights of this draft guidelines are:
  1. Views/Comments by the public can be sent to Reserve Bank of India before 06/03/2012.

  2. The views/comments can be sent by snail mail to the Chief General Manager, Reserve Bank of India, Department of Payment & Settlement Systems, Central Office, 14h floor, Central Office Building, Shahid Bhagat Singh Marg, Mumbai -400001 or can be emailed.

  3. The interested Non-bank entities proposing to set up WLAs have to make an application to RBI for seeking authorization under the Payment and Settlement Systems Act 2007.

  4. Such entities should have a minimum net worth of Rs. 100 crore at the time of making the application and on a continuing basis after issue of the requisite authorization.

  5. To ensure that the ATM's are not concentrated only in Tier I & II centers, there will be annual targets in terms of the ratio of WLA between Tier I &II and Tier III-VI centers. These targets will be stipulated by Reserve Bank of India.

  6. Initially, only the Cards issued by banks would be permitted to be used at the WLAs.

  7. Cash Deposits, as of now, will not be permitted.

  8. The WLA Operator will be the "acquirer" for all transactions at the WLA and earn his fee accordingly.

  9. To decrease his operating costs, the WLA Operator would be permitted to earn extra revenue through advertisement and by offering value added services. Naturazlly, such advertisements would be subject to Advertising Standards Council of India (ASCI) codes and other regulations. The other regulations might be that there should no advertisement between the keying of the Password and disbursement of the cash.

  10. Regulatory guidelines relating to compensation for failed ATM transactions would apply to transactions at WLAs.

  11. Prior Authorization of RBI under the Payment and Settlement Systems Act, 2007, is required by the WLA Operator, to commence its operations.

  12. Each WLA Operator shall have one “Sponsor Bank” , who will serve as the Settlement Bank for the settlement of all the service transactions at the WLAs. The Sponsor Bank should be a member of one of the ATM networks authorized by the RBI and also be a member of the RTGS.

  13. Cash Management of the WLAs shall be entrusted to the Sponsor Bank, who may have necessary arrangements in this regard with other banks for servicing cash requirements at various places. At no point of time, the WLA Operator or his agents shall have access to the cash at the WLAs.

  14. Settlement of all the transactions at the ATMs shall be done only in the books of the Sponsor Bank through the ATM Network with whom the WLA Operator has established connectivity.

  15. Maintenance and servicing of the WLAs shall be the sole responsibility of the WLA Operator.

  16. Customer Grievance Redressal : The primary responsibility to redress grievance of customers relating to failed ATM transactions will vest with the Issuing Bank,. However, the Sponsor Bank will provide necessary support in this regard, including making available relevant records and information, to the Issuing Bank. For this purpose, the Sponsor Bank should have necessary arrangement with the WLA Operator.

  17. The extant directives of the RBI on the time-lines for resolution of complaints of failed ATM transactions would also apply to transactions at the WLAs. For delay in resolution of such complaints attributable to the Sponsor Bank or the WLA Operator resulting in payment of penalty to the customer by the Issuing Bank in terms of the directives of RBI, the Issuing Bank shall be compensated by the Sponsor Bank. The Sponsor Bank may have appropriate agreements with the WLA Operator for recovery of such amounts.

  18. ATM Network Operators will offer direct connectivity to the WLA Operator to facilitate transactions at the WLA and the settlement thereof after seeking requisite approvals from the RBI.

  19. The above step bring the WLA Operator under the ambit of the Network’s Operating Guidelines and the Dispute Resolution Mechanism put in place in accordance with the extant directives of the Reserve Bank of India.

  20. A Tripartite Service Level Agreement between 01) The ATM Network Operator, 02) the WLA Operator and 03) the Sponsor Bank will be requied to address issues relating to inter-bank settlement of the transactions at the WLAs and settlement of customer complaints relating to failed ATM transactions. The SLAs should clearly spell out the role of each party.


To reduce the instances of counterfeit currency entering the system, the cash handling responsibility is of the Sponsor Bank. RBI is clear that at no point of time, the WLA operator or his agents, shall have access to the cash at the WLAs.

Internationally, retailers that own white label ATMs, and not banks, load cash into the machines.


Sunday, January 29, 2012

Is it time for 3FA(Factor Authentication) in Indian ATM's?



The trigger for this thought is this article Economic Times article
It seems the speakers at the Meet, have a very strong mindset to blame the bankers especially bankers associated with ATM Operations for the fake notes menace.

Maybe the Speakers have not read this article Security Features of Indian Notes

The aim of this article is not to explain what is 1FA(factor authentication) or 2FA(factor authentication) or 3FA(factor authentication) but to analyze the pros and cons of 3FA(factor authentication)

3FA(factor authentication), in simple terms is the verification of the 'User's request' by three separate steps to conform that the 'request' has been raised by the correct user only and not by any 3rd party.

3FA is not 100% secure, but 99.9999% secure. Nothing in this world is 100% secure.
ATM's in India, currently have 2FA I.e 'something which a user has – ATM card' and 'something which the user knows – PIN (Personal Identification Number)

There is a wide choice for the 3rd FA(factor authentication),
  1. Biometric (UIDAI being the best example) or
  2. OTP (One time password)
  3. Security Tokens or
  4. Card Lock-in options
  5. Transaction Authentication

The Pros and Cons of each option in brief are us under :

  1. Biometric (UIDAI being the best example)--
PROS :
a) Tools exist to make this reality.

CONS:
a) UIDAI is yet to stabilize.
b) The implementation and the maintenance costs right now are substantial.
  1. Biometric verfication tools on a large scale are not common in India.


  1. OTP (One time password)--
PROS: -
a) OTP's are becoming common.
b) The implementation and maintenance costs are less

CONS: -
a) OTP features need to be integrated into the ATM network. This is not a big inhibitor as majority of the ATM's are part of the NFS (National Financial Switch) network now. The only factor which might be a stumbling block is the validity time period of the OTP generated I.e for how many hours the OTP generated should be live. Currently the industry average is 2 hours for netbanking non-financial OTP's.
For financial OTP's the life is few seconds.

  1. Security Tokens--
PROS:
a) Proven technology
b) Costs are less

CONS:
a) Integration with the ATM's network required.
b) Who will bear the cost of the Security token?

  1. Card Lock-in Options--
In simple terms, the Card Locking feature means allowing Bank consumers the option to lock and unlock their bank cards to permit or deny account use at automated teller machines (ATMs) and point-of-sale (POS) devices or on internet sites.
Some Banks have already opted for this feature. Check out at Card Lockin, Diebold cardlock in feature
PROS:-
a) Brand new concept, hence to encourage Banks to hop on to the bandwagon.
b) SMS/Branch/Phone/Net Banking channels can be multiple-touch points for this option.

      1. Transaction Authentication. Transaction authentication means using an additional electronic signature generated on the basis of the amount to be withdrawn from the ATM. The electronic signature can be a OTP which is generated only after the amount tobe withdrawn is keyed into the ATM. However, the main draw back is that the time-frame to complete the whole cycle of ATM withdrawal is short and introducing Transaction Authentication in the present setup is a challenge.







LinkWithin

Related Posts with Thumbnails

Disclaimer

The thoughts in this BLOG are personal, and reflect only my view on the subject.
This are not the views of my Employers.
All images, logos rights rest with the Original TitleHolders

All efforts have been made to make this information as accurate as possible, N Prashant will not be responsible for any loss to any person caused by inaccuracy in the information available on this Website. Relevent Official Gazettes Communications may be consulted for an accurate information. Any discrepancy found may be brought to the notice of N Prashant