3aIT Blog

 

512px-Microsoft_Windows_XP_logo_and_wordmark.svg

It is no secret and it is widely known that Microsoft will finally end support for Windows XP on 8th April 2014, so if you have not yet made plans to move off the 12 year old operating system - time is very much of the essence. When Microsoft originally announced end of support for Windows XP there was much outcry to keep the OS sales and support available, this bought it some time as the recently released Windows Vista OS was struggling to gain a foothold in the business sector. Once Windows 7 was finally released Microsoft ended mainstream consumer support in April 2009 but decided to keep business support extended until April 2014 - much longer than had been originally anticipated.

However what I was shocked to learn was Cash Machines (ATMs) are for the majority, still running Windows XP. It is estimated that 95% of ATMs worldwide are still running the aging operating system which equates to around 2.2 million devices. So what happens now ? Well according to NCR approximately a third of these machines will be replaced with another OS before the April deadline, but this will leave a large number still vulnerable to potential security issues. ATM security has always been a major concern due to the risks it can suffer, be it physical breaking into the machine or removing it completely to card skimming devices attached to capture your chip and pin credentials. These typically are then used later to produce clone cards to help relieve you of your hard earned - this activity accounts for more than 80% of all ATM fraud. Now comes the additional threat that is posed due to the possibility of an old operating system not currently maintained or secured by its vendor.

So how will banks ensure that a weakness in the OS is now one that will not be exploited? Well a recent news report by Reuters shows many banks are putting in place paid agreements with Microsoft to provide updates and security fixes past the April deadline. However this does not come cheap, it is reported that banks could be set to pay millions to keep the software running the ATMs secure until new machines or OS's are rolled out - of which I am sure banks will want to recoup some of the cost from the consumers who use them. You may be asking yourself why was this left so late?, why had the banks not planned this upgrade in a more timely fashion? - well according to banking officials it would seem a number of machines are simply not suitable to upgrade without sufficient enhancements and a lack of overall IT support technicians to carry out the mammoth task. In addition due to the financial crisis of 2007-08 banks have simply been overwhelmed with new regulatory rules and regulation that were imposed. As for the upgrade Windows 7 appears to be the recommended and the expected choice of OS, but for a number of the older style ATM's this is not possible without upgrading or replacing for newer technology. Each machine in turn will need to be evaluated, upgraded or replaced a process which is neither quick or cheap to rollout.

There is some good news smaller non-descript ATM's you know those ones which are typically found in shops, bars and shopping centres (that typically charge a handling fee to withdraw) are independently run kiosks which run an older but simpler operating system called Windows CE. Windows CE is probably something you may have come across on devices such as mobile phones or tablet devices - this product is still supported by Microsoft (currently).

So the message is clear, do not leave your upgrades to the very last minute speak to 3aIT today about getting your house in order before time finally runs out.