Feb 07 2014

Our ATMs Run on Windows XP, So What's the Migration Plan?

Desktop and notebook computers across the country aren’t the only machines facing an XP deadline.

Many experts and organizations in IT have been beating the drum of Windows migration for some time now. But in case you haven’t heard, Microsoft will no longer support and patch its 12-year-old Windows XP operating system come April this year.

That means any PCs running the software will go unpatched and become vulnerable to threats and hacks that malware proprietors have been perfecting for years. For financial institutions, there’s an additional point to consider: An organization that is audited and found to be running an unsupported OS, a violation of the Payment Card Industry Security Standards, could incur serious fines and penalties.

But that’s not all. The vast majority of our ATMs are still running on Windows XP, too, according to a report from Bloomberg Businessweek:

Inside every ATM casing is a computer, and like all such devices, each one runs on an OS. Microsoft’s 12-year-old Windows XP dominates the ATM market, powering more than 95 percent of the world’s machines and a similar percentage in the U.S., according to Robert Johnston, a marketing director at NCR (NCR), the largest ATM supplier in the U.S.

There are 420,000 ATMs across the United States. That means there’s going to be a lot of upgrading to do over the next month or so if banks and financial institutions hope to meet Microsoft’s deadline.

What’s taking the financial industry so long to get on board? The problem doesn’t rest solely with banks and credit unions or ATM manufacturers. According to an article in InformationWeek, most of the networks and processors that handle ATM transactions, such as STAR, only completed certification of Windows 7 in early 2013.

So, come April, what can we expect?

Aravinda Korala, chief executive officer of ATM software provider KAL, believes that only 15 percent of the nation’s ATMs will have migrated to Windows 7 by the deadline, according to the Businessweek article. J.P. Morgan, which plans to begin the migration process in July, will pay Microsoft for a custom program that will provide support beyond the April cutoff. It’s likely that other financial institutions will be forced to do the same if they don’t successfully migrate their ATMs by the deadline.

Still, migration isn’t all gloom and doom. Yes, it requires thoughtful planning and an investment in new resources. But upgrading from Windows XP to Windows 7 offers financial institutions an opportunity to refresh and reassess their IT security and future-proof their infrastructure.

“While the Windows XP migration is a disruptive change, it is a good opportunity for organisations to review current practices and make changes that will add value long into the future,” states a recent white paper by Clear2Pay, a global payment-technology provider.