Most ATMs will remain on Windows XP after Microsoft pulls plug on OS support
Less than 40% of U.S.'s 425,000 ATM systems will have migrated off Windows XP
Computerworld - More than six out of 10 ATM machines in the country will be running on an obsolete operating system when Microsoft pulls the plug on Windows XP support on April 8, raising serious security and compliance issues for the systems' operators.
According to the ATM Industry Association (ATMIA), about 38% of the nearly 425,000 ATMs in the U.S. that are powered by Windows XP will have migrated off the OS by next month's deadline.
Operators of the remaining quarter million or more machines will have an increasingly hard time supporting their systems and ensuring sufficient software security after that date.
The Payment Card Industry Security Standards Council (PCI SSC), which is responsible for overseeing security standards in the payments industry, has already noted that ATMs still on Windows XP after April 8 will need to have certain compensating controls in place to be considered PCI compliant. The PCI SSC estimates that Windows XP powers 95% of ATMs in the world.
"The vast majority [of ATM operators] are aware of the deadline," said David Tente, executive director USA of the ATMIA.
Many operators have already moved or are in the process of moving their systems to Windows 7, which is the next available Windows upgrade for ATM systems, Tente said. But for a majority, the cost and time involved in upgrading their systems to a new OS is a huge challenge, he said.
Several financial institutions have worked out, and at great cost, arrangements with Microsoft to keep Windows support available for a while longer, he said.
In many cases, upgrading an ATM's operating system involves physical access to the machine and about one hour's worth of labor. Not all ATMs will be ready to migrate to Windows 7 and may need hardware upgrades as well, Tente said.
According to Tente, independent operators run about half the ATMs in the U.S., while large financial networks operate the rest. A "fair number" of installed ATMs are powered by Windows CE and embedded versions of Windows XP, which are not affected by the April 8 deadline, he said.
Microsoft has said that it will cease support for Windows XP after April 8. After that date, the company will stop providing security updates or technical support for Windows XP, an operating system that still has a huge installed base around the world.
Microsoft has pointedly stated that PCs running Windows XP after the end-of-support date should not be considered protected and has urged users of the operating system to move to a newer version as soon as possible.
According to Tente, it's possible that malicious hackers are waiting until after April 8 to attack ATMs and other systems running Windows XP. But just because a system remains on Windows XP after that date does not automatically make it more vulnerable.
The financial institution where this pilot fish works is moving to a new disaster recovery site, and that means arranging the transfer of several financial-market data servers -- which could take months.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Jyske Bank extends brand message to more than one million visitors a month
- IBM WebSphere Portal software helps bank offer a clearly differentiated digital experience
- The Big Data Opportunity for HR and Finance
- If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security
- Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Magic Quadrant for Data Masking Technology
- IBM is a leader in Gartner Inc's Magic Quadrant for Data Masking Technology. Read the full report to learn about IBM.
- Best Practices for Securing Hadoop
- Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a... All Financial IT White Papers
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer...
- Charting Your Analytical Future - "Making predictive analytics part of your business processes" Webinar This session will show how predictive analytics can be used throughout the organization by anyone looking for answers and how organizations can make...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- All Financial IT Webcasts