Control measures for ATMs – Timeline for compliance


June 21, 2018

The Chairman / Managing Director / Chief Executive Officer
All Scheduled Commercial Banks (excluding Regional Rural Banks)
All Small Finance Banks and Payment Banks
White-Label ATM Operators

Madam/Dear Sir,

Control measures for ATMs – Timeline for compliance

Please refer to our confidential Circular DBS.CO/CSITE/BC.8074/31.01.015/2016-17 dated April 17, 2017 (issued to banks) highlighting concerns about the ATMs running on Windows XP and/or other unsupported operating systems. A reference is also invited to our confidential Advisory No. 3/2017 dated March 06, 2017 and No. 13/2017 dated November 1, 2017 wherein the banks were advised to put in place, with immediate effect, suitable controls enumerated in the illustrative list of controls.

2. The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. As you may appreciate, the vulnerability arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely, apart from such occurrences, if any, impinging on the image of the bank.

3. In order to address these issues in a time-bound manner, banks and White-Label ATM Operators are advised to initiate immediate action in this regard and implement the following control measures as per the prescribed timelines indicated there against:

Sr. No.

Control Measures for the ATMs

To be completed by


Implement security measures such as BIOS password, disabling USB ports, disabling auto-run facility, applying the latest patches of operating system and other softwares, terminal security solution, time-based admin access, etc.

August 2018


Implement anti-skimming and whitelisting solution.

March 2019


Upgrade all the ATMs with supported versions of operating system. Such upgrades shall be carried out in a phased manner to ensure that in respect of the existing ATMs running on unsupported versions of operating system,


i. Not less than 25% of them shall be upgraded by

September 2018

ii. Not less than 50% of them shall be upgraded by

December 2018

iii. Not less than 75% of them shall be upgraded by

March 2019

iv. All of them shall be upgraded by

June 2019

4. A copy of this circular may be placed before the Board of Directors at its ensuing meeting, along with the proposed action plan for implementation of these measures. A copy of the Board-approved compliance/action plan in respect of aforesaid control measures may be sent to us latest by July 31, 2018. The progress made in implementation of these measure should be closely monitored to ensure meeting the prescribed timelines. As the implementation of the foregoing control measures would also require field visit(s) to the ATMs, banks should plan and implement these measures in an optimal manner.

5. It may be noted that any deficiency in timely and effective compliance with the instructions contained in this Circular may invite appropriate supervisory enforcement action under applicable provisions of the Banking Regulation Act, 1949 and/or Payment and Settlement Systems Act, 2007.

6. Please acknowledge receipt.

Yours sincerely,

(R. Ravikumar)
Chief General Manager


Seair Exim offers an Import-Export data demo.

We do not mediate buying, selling of products or services.

Seair is proud to have a loyal customer base from big brands.

We have successfully served many reputable clients for Import-Export Data Information Services. Here are some of our clients:

Get a free Import-Export data demonstrative report on desired products.

We don’t offer any assistance over buying or selling any products.

Thank You

Big thanks to showing your interest in SEAIR Exim Solutions. We’ve currently received your request for data information. We will return on the same query in a short span of time.

Copyright © 2009 - 2021 All Rights Reserved.