BSP Wants ATM Security Enhanced
The Bangko Sentral ng Pilipinas (BSP) yesterday said it has approved new rules instructing banks to improve its automated teller machine (ATM) and electronic retail payment security.
BSP directed banks and supervised non-banks to adopt the end-to-end Triple Data Encryption Standard (3DES) for the whole ATM network by January, 2015 and to change all ATM and credit cards to more secure EMV chip-enabled cards by 2017.
All ATMs currently use the magnetic strip technology which is prone to fraud attacks such as skimming and cloning. Criminals skim ATMs by using a card reader to steal data from the magnetic strip. ATM hackers also clone debit cards.
The central bank is giving all its supervised institutions six months or until February next year to present its EMV migration plan. "(They) are expected to employ practical measures provided to mitigate exposure from skimming attacks," said the BSP. "Seeing the inclination of banks, particularly rural and thrift banks, to use cloud computing technology to leap frog their financial services, the enhanced framework also provides direction on the adoption of cloud computing in the financial service industry."
Based on BSP Resolution No. 1286, the enhanced Information Technology Risk Management (ITRM) framework was approved to update existing IT-related guidelines. The new circular to be issued will cover not only all types of banks but also non-bank financial institutions, electronic money issuers and other non-bank entities which, under existing BSP rules and regulations and special laws, are subject to BSP supervision and/or regulation. …