Menu
Browse

ATMs in India

Primary URL Location Industry
india1payments[.]in
Country India
Financial Services Icon
Financial Services
Profile

ATMs in India provide automated teller machine services that allow customers to perform cash withdrawals, deposits, balance inquiries, fund transfers, bill payments, and other banking transactions without visiting a branch. They operate as a self‑service channel for retail banking customers across the country, supporting both urban and rural populations. The machines are typically deployed by banks or third‑party ATM service providers and are connected to the core banking systems of the issuing institutions. The machines are available round the clock, providing customers with access to cash and basic banking services outside regular branch hours. Interoperability is enabled through the National Financial Switch, allowing cards issued by any participating bank to be used at ATMs of other member institutions. Service fees, when applicable, are set by the individual ATM owners and may vary based on location and transaction type.

The ATM network in India operates under the regulatory oversight of the Reserve Bank of India, which sets security and operational standards for cash‑handling devices. Many ATMs have historically run on outdated operating systems such as Windows XP, a factor highlighted in the May 2017 Rufus malware incident where attackers used infected USB drives to trigger unauthorized cash dispenses. The incident demonstrated vulnerabilities in both physical security (unauthorized USB insertion) and virtual protections (lack of timely software patches), prompting authorities to urge upgrades and enhanced monitoring while manufacturers disputed the extent of the weakness. These events underscore the sector’s reliance on timely patch management and robust physical safeguards as distinguishing operational challenges. Following the 2017 incident, the RBI issued advisories urging banks to replace legacy operating systems and implement stricter physical access controls at off‑site ATM locations. Security agencies conducted forensic audits of affected machines, confirming that the malware forced the cash dispenser to release notes without generating typical transaction logs. The episode also prompted collaboration between the RBI, payment system operators, and law enforcement to improve incident reporting and response frameworks for ATM‑related fraud. Despite manufacturer claims that widespread vulnerabilities were not present, the episode highlighted the need for a coordinated approach to hardware hardening and software lifecycle management in the ATM ecosystem.

Incidents
Linked incidents available to members
1 incident