The latest ATM skimming attack in Thiruvanathapuram, which resulted in a loss of Rs 4.5 lakhs brings to light again the need for heightened cyber security and better insurance cover at public sector banks. Banks like the State Bank of India (SBI), Indian Overseas Bank (IOB) and Indian Bank have seen a spate of attacks on their ATMs since January, but according to sources, while all three banks have taken the mandatory “bankers indemnity” insurance cover, they have not insured themselves against data breaches and cyber security attacks.
In the recent incident, where foreigners installed a card reading device at the ATM to read/skim data, SBI said it will reimburse the victims. Even IOB in instances of ATM frauds and phishing attacks in May and July has reimbursed victims from its own pockets. “Many banks, including Indian Bank, have taken a basic bankers’ indemnity policy with us – that insures financial institutions against burglary, theft, fire, hold-ups, riot, strike, terrorism, property damage, cash in transit and employee fraud. But none of them have taken a cyber liability policy,” said an official from a public sector insurer.
While the banker’s indemnity policy protects all the assets of the bank including its ATMs, it does not provide cover in case of malware or a cyber attack on the ATM’s switch. “Physical tampering or damage of the ATM is covered. But computer-related damage/attack is not covered in a basic indemnity cover. Mass skimming of debit/credit card details is protected under a card protection policy that can be an add-on to the basic cover,” says Suresh Nair, Head of Product Development, Bajaj Allianz.