The Banking Industry’s Big Windows XP Headache
With just a couple of weeks before Microsoft will no longer support its popular but ancient operating system that the majority of ATMs still use, the banking industry has its hands full. Some companies are choosing to pay for additional support, but industry groups say they won't be compliant with current standards if they fail to upgrade.
With just a couple of weeks left before Microsoft stops supporting its popular but ancient operating system, which the majority of ATMs still use, the banks have their hands full. Some are choosing to pay for additional support, but industry groups say they won’t be compliant with security standards if they fail to upgrade.
The end of Windows XP’s support life isn’t just creating headaches for end users. The banking industry has a lot of stuff to deal with as a result of the change, too.
That’s because about 95 percent of ATMs owned by large banks worldwide rely on XP, according to Reuters, and only a third of them will have been upgraded to Windows 7 by the support cutoff deadline—despite the fact that Microsoft has long warned that this eventually would happen.
Industry groups are offering recommendations and pointing out potential pitfalls. More details:
A push to upgrade: In a joint statement, the ATM Industry Association and the PCI Security Standards Council (PCI SSC) strongly recommended that ATM providers upgrade their operating systems as quickly as possible—not a cheap endeavor, as it could require hardware upgrades at the same time. The groups noted that those failing to do so won’t comply with the latest version of the PCI Data Security Standard and urged that any reliance on extended support options be temporary. “Organizations should have a migration plan to upgrade in a reasonable amount of time to a supported operating system, as the OS serves as the foundation for services and other security controls related to protecting cardholder data,” PCI SSC Chief Technology Officer Troy Leach said in the statement.
Work bottleneck: In an interview with Reuters, Doug Johnson, vice president for risk management at the American Bankers Association, said there’s a bottleneck of needed upgrades because there aren’t enough people available to do the work. But XP’s stability will help if banks can’t immediately upgrade. “One thing in our favor is that XP is battle-hardened,” he told the wire service. “People will benefit from years of fine-tuning of XP.… It has been through wars.”
The impact, good and bad: While the banking industry is likely to use this opportunity to upgrade its machines to support more modern technologies like cards that have microchips rather than magnetic stripes, the additional costs of keeping the older machines running could be passed on to consumers in the form of higher ATM fees. And of course, there’s always the danger of hacking. “Maybe [hackers] can infect the ATM with a virus that will allow the ATM to spit out cash. That’s bad for the bank, not necessarily for you,” CNN Money reporter Jose Pagliery told Washington, DC, news radio station WTOP. However, “if they’re really savvy, maybe they could trick the ATM to ask you to type your pin on screen in an unsafe way.”