Microsoft will discontinue support of Windows XP in April 2014, a decision announced in an official statement in October 2013. This means that Microsoft will no longer monitor malfunctions and potential vulnerabilities of the XP operating system. As a result of this discontinuation, Microsoft will also cease to supply patches to protect against attacks to PCs of XP users. Without these XP updates and patches, PCs are more vulnerable to criminal attacks. For PC users, the solution is a simple upgrade to Windows 7 or 8 as soon as possible. But for the financial industry it is a bit more complicated.
As a financial institution, you are likely working diligently to assess the operational risks associated with the discontinuation of Windows XP support to ensure that products and services will be delivered safely without compromising sensitive data. While it is somewhat reassuring to your customers that you will be addressing this important issue, the impact it could have on customers’ financial assets remains concerning.
Just as a PC running Windows XP may be vulnerable to criminal activity, without security updates, ATMs that continue to use XP may be vulnerable to criminals as well. According to InformationWeek, it is estimated that 75% of all ATMs currently run on Windows XP.
Another issue of concern is that not all ATMs are owned by financial institutions, but also by various small operators. For small business owners, there are many decisions to make when considering changing operating systems—with cost the major factor. And it isn’t as simple a fix as downloading new software. Other operational considerations:
- Each ATM will need to be visited by a service technician to physically perform the changes.
- If the hardware in the ATM is outdated, it may be to slow to run the upgraded operating system.
- Licensing fees with Microsoft have to be renewed and/or updated.
So individuals and businesses can protect desktop and laptop computers by upgrading to Windows 7 or 8, but how can customers’ protection be assured at ATMs? That’s a matter of banks and financial institutions such as yours successfully upgrading ATMs and making customers aware of the upgrades.
As you inform them of the security they can expect at your financial institution’s ATMs, you can also remind them to double-check whether non-bank ATMs have been upgraded so they don’t just dash into any locale to conduct an ATM transaction. Your customers will thank you.