A Blog by Jonathan Low

 

Jan 21, 2014

How Old Is Too Old? Windows XP Putting Bank ATMs at Risk

95 percent of the world's ATMs (automated teller machines) still run on Windows XP. Whats the big deal, you say? Well, it was introduced in 2001. That, in itself, is not the problem.

That Microsoft set April 2014 as the end of support for XP is.

Now, thirteen years is a pretty good run, and aside from occasionally finding that the nearest cash machine has run out of cash, we don't, as a general rule, hear too many complaints about these ubiquitous dispensaries. We take them for granted, expect them to stand and deliver - and, by and large, they do.

So what is a bank to do? Well, they could take the risk that it will work ok for a couple more years without support while they try to figure out what the next best alternative may be. Of course, identifying the successor and then installing it, worldwide, is going to take some time. They will incur some liability. To say nothing of the replacement cost, which promises to be hefty. The logical step is simply to charge the additional cost - and a slight premium for their trouble and institutional emotional distress - to the consumer. The risk there is that it may provide a juicy opening to all those electronic wallet apps on which Google and others have been beavering away.

Microsoft, too, sees the potential end of a lucrative franchise and not having an auspicious job of addressing it with a new upgrade, has quietly announced a slight extension so it can deliver a successor. This may be a non-event like the infamousY2K, or maybe the system will crash. Either way, consumers can expect to pay more for the privilege of accessing their own cash. JL

Carmi Levy reports in Yahoo Finance:

When it comes to operating systems, how old is too old? Banks across the U.S. and around the world are about to find out.
As Microsoft continues its campaign to convince customers to finally shut off PCs running the old Windows XP operating system and transition to something a little newer, the largest ATM provider in the U.S. has released data that suggests breaking the XP habit may be more difficult than anticipated.
NCR says 95 per cent of the world’s ATMs still run on XP. The operating system was released in 2001, and the Redmond, Washington-based software vendor had set April 8, 2014 as the end of support date for computers and devices running the full version of XP. After that date, the company said it would no longer issue security updates or non-security hotfixes designed to improve performance or address problems or errors. It would also stop all free and paid support services, and cease providing online technical content updates.
Customers who continue to use Windows XP after support runs out will be at increased risk of online attack and infection. While most ATMs are not directly connected to the Internet, they remain vulnerable to other forms of attack.
Although an embedded version of XP will be supported until 2016, NCR says most of the 420,000 ATMs currently in use in the U.S. run the full version. With Microsoft’s upgrade campaign failing to get everyone off of XP in time, the company last week quietly announced an extension of sorts: While the original deadline stands, Microsoft will continue to provide anti-malware updates through July 14, 2015 to ensure the old machines remain protected against newly emerging threats.
Software in transition
Old operating systems have long been a thorn in Microsoft’s side. The company’s revenue models were traditionally based on customers buying updates for Windows and Office. As mobile technology has sapped the PC’s dominance – IDC says sales were down 10 per cent in 2013 and are expected to tumble again this year – and software has increasingly shifted online, Microsoft has followed suit. Its subscription-based Office 365 product has tallied 2 million subscribers and last year became the company’s latest billion-dollar business. Unlike traditional shrinkwrap offerings, online services generate regular subscription-based revenues, and aren’t subject to falling behind the times if customers decide what they’re using is simply good enough.
Windows XP has stubbornly clung to the back of Microsoft’s technology treadmill because the product that replaced it, Windows Vista, was late, bloated and flawed when it finally bowed in 2006. While Windows 7 subsequently fixed most of Vista’s problems, customers satisfied with XP saw no reason to rock the boat. And as long as Microsoft was providing support and protection against ever-evolving online threats, there was no compelling reason for that to change.
A complex upgrade
As much as banks appreciate the risks of using an unsupported operating system underneath some of their most critical customer-facing infrastructure, switching to anything else will be an expensive proposition. ATMs are customized environments, with a sophisticated interface, security and network layers running on top of the basic operating system. Shifting to a new OS foundation is a far more involved than simply reinstalling the ATM code on a newer version of Windows. The system must be either recompiled or rebuilt from scratch, then extensively tested to ensure it can survive in the real world.
It’s a capital investment that financial institutions have been able to avoid as long as XP wasn’t going away. Now that it is, they have no choice. As the clock ticks down toward a Y2K-like deadline, expect the cost of compliance to continue to rise as the programmers who will bring the XP-based ATMs up-to-date become ever more scarce. As banks ponder their post-XP future, don’t assume the natural successor will be Windows-based, as this is a cycle their CFOs won’t want to repeat.

0 comments:

Post a Comment