In less than a month’s time we could see more computer machines installed in ATMs, running Windows XP or with Windows XP Support being exposed to potential threats. Why? Microsoft is pulling the plug on Windows XP on April 8. This raises serious security and compliance issues for the systems’ operators as it is estimated that more than six out of 10 ATM machines in the US run Windows XP.
According to the data made available by ATM Industry Association (ATMIA), about 38% of the nearly 425,000 ATMs in the U.S. that are powered by Windows XP will have migrate to a newer OS. On the other hand, The Payment Card Industry Security Standards Council (PCI SSC), the body that oversees security standards in the payments industry, has come clear on the process – ATMs still on Windows XP after April 8 will need to have certain compensating controls in place to be considered PCI compliant. It estimates that Windows XP powers 95% of ATMs in the world.
Microsoft XP was released in 2001 but remains widely used till date. Why have companies have failed to upgrade to different software?
- The magnitude of the migration and the huge cost involved.
- Require a technician to visit physically and hands-on upgrade. This increases the cost of upgrading to new OS by many folds.
Most Banks are already in the midst of transitioning from their current system to the newer ones as they are aware their customers use the machines on daily basis and any trouble or security threat would cause them great inconvenience.
Microsoft has been consistently reminding customers about the deadline, but the ATM industry has been slow to react to a potential problem, probably due to the tremendous involved in the exercise.
It is however to be noted that all ATM’s and other devices that run XP POSReady 2009 will get updates until 2019.