MANILA, Philippines - Banks were ordered Tuesday to replace existing automated teller machine (ATM) cards and machines with new ones between 2015 and 2017 in an effort to curb hacking incidents involving ATMs.
The Bangko Sentral ng Pilipinas (BSP) said lenders must adopt the “end-to-end triple data encryption standard (3DES)” in their ATM outlets nationwide by January 2015 and to replace existing ATM cards with EMV-enabled ones by January 2017.
The order was part of the Enhanced Information Technology Risk Management Framework approved by the BSP last Aug. 1.
Banks, in turn, have expressed support for the new regulation.
“We are okay with this,” said Suzanne Felix, executive director of the Chamber of Thrift Banks, in a text message to The STAR.
ATMs have been the subject of numerous hacking incidents recently with millions of pesos believed to have been lost to an international syndicate.
This prompted banks and ATM providers to install various measures, including the so-called “PIN shields,” which protect the hands of ATM holders from hidden cameras whenever they input their personal identification numbers (PIN).
BSP Deputy Governor Nestor Espenilla Jr. admitted that the current ATM machines and cards are more “susceptible to brute force attack,” prompting regulators and industry leaders to think of a long-term solution such as the replacement of over 12,000 ATM outlets nationwide with new ones, which employ the 3DES – a system that allows data to be encrypted three times in the machine versus the present single encryption.
“A 3DES has key length of 168 bits which makes it harder to crack,” Espenilla said.