PCI Council warns ATM operators as Windows XP deadline approaches

Up to 95% of the world's ATMs could be left wide open to hackers next month when Microsoft ends tech support for the Windows XP operating system, the PCI Security Standards Council is warning.

  21 5 comments

PCI Council warns ATM operators as Windows XP deadline approaches

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

In a long trailed move, from 8 April Microsoft will stop rolling out security updates and patches for XP, leaving machines running the 12-year-old operating system more vulnerable to attack.

ATMs running XP Embedded are not affected because Microsoft is not cutting off its support until 2016.

The process of upgrading to an alternative such as Windows 7 is both complicated and expensive for ATM operators - with many older machines needing to be altered one by one. Most are not expected to have made the switch within the next month.

JPMorgan has bought a custom one-year tech support agreement from Microsoft and will not begin migrating its 19000 machines to Windows 7 until July, the bank has told Bloomberg. Wells Fargo and Citi say that they are working on upgrading their networks.

It's not just ATMs that are at risk - Microsoft recently warned that the Indian banking industry's reliance on XP could put more than 34,000 branches at risk.

In a notice on its site, the PCI SSC is urging firms to take the plunge: "Don't make yourself an easy target, talk to your technology provider today and make sure your PC and systems are not putting your customers' confidential payment card data and your business at risk."

Sponsored [Webinar] PREDICT 2025: The Future of AI in the US

Comments: (5)

A Finextra member 

This reminds me of when I lost my ATM card in a Standard Chartered ATM in Wan Chai, Hong Kong (yes beer was involved) and the ATM screen had all kinds of Windows popup errors.  The realisation that some ATMs run on Windows gave me a feeling of disillusionment and very deep disappointment.

A Finextra member 

I'm with Henry. Windows on an ATM, for why? Even though XP and the choice to use it was 12 years ago how did that choice make any sense, given the use case? In the same way why did lifts etc ever need a calendar, as in the millennium bug. Makes me ashamed to have been an IT guy.

Kishen Gajjar

Kishen Gajjar Management Consultant at Infosys Consulting

In an age when mobile operating systems like Tizen, Android and iOS are being used to power Fitness Trackers, is it too far fetched to reason that something with a simple capability like an ATM should have a custom operating system? I don't think there was ever a time when using windows to power an ATM was a good idea. Now that the ability is out there with the availability of so many OS options, it's time ATM manufaturers realised that change is innevitable and necessary...quickly

A Finextra member 

Actually the thought of all these ATMs having to, for want of a better word, upgrade to Windows 8 amuses me. At least XP was good at something. (From my iPad)

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

In India and much of Asia Pacific, ATMs are not just holes in the wall. They support realtime mobile topup, e-donations to temples and other places of religious worship, favorite transactions, bill payments, railway and event ticket bookings, SMS-based cash withdrawals by non customers without card or smartphone, and many more innovative features. ATMs on some border cities even dispense cash in different currencies. Considering that some of these features have been around for over a decade, a reasonably powerful OS like Windows XP is highly justified. Warts and all, XP is the best version of Windows in a long time, which partly explains why 95% of the world's ATMs still use this old OS. (From my not-so-stable Vista laptop).

[Webinar] Unifying Card Programmes: The cost-reduction imperativeFinextra Promoted[Webinar] Unifying Card Programmes: The cost-reduction imperative