• Cullen and Dykman LLP Blogs

  • Putting Windows XP to Sleep: The Ripple Effect on Banks and ATMs

    Windows XP. Windows 7. Windows 8. Windows 8.1? It appears that Microsoft never ceases to develop newer and more advanced operating systems. However, since users often operate their devices using the system that was initially installed, and maintain security by frequently installing Microsoft’s system updates, there is generally no pressing need to upgrade to one of the latest operating systems. But if Microsoft stopped providing such support and updates for one of its operating systems, users of that operating system would be forced to upgrade to newer systems to avoid significant security risks. This is exactly what we are seeing with Windows XP (“XP”), Microsoft’s 12-year-old operating system that is used in nearly one-third of all computers today (including personal computers, medical equipment, and ATMs).

    Microsoft has made it clear for some time that on April 8, 2014, it will eliminate all support for XP. Without this support, XP users will face increased security and regulatory compliance risks. Despite receiving multiple requests to extend the deadline, Microsoft appears steadfast in abiding by its long-communicated decision. As a matter of fact, Microsoft has devoted an entire webpage on its website to this upcoming date, including a live countdown in days, hours, minutes, and seconds.[1] According to a Microsoft spokesperson, “XP … [was] great software release[d] more than a decade ago, but technology has evolved along with the needs and expectations of [businesses’] customers and partners that have already adopted modern platforms and devices. . . . A 12-year-old operating system can no longer address today’s business and technology needs nor security threats.”[2]

    In addition to the April 8th countdown, Microsoft’s website outlines what its discontinuance of XP support will mean for users, provides advice as to how best to migrate off Windows XP, and sets forth potential risks for those deciding to remain XP users. According to the same Microsoft spokesman, “XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.”[3] In sum, if a significant fault is discovered in XP, Microsoft will no longer fix the problem.

    So how does Microsoft’s decision affect the entire banking industry? As it turns out, 95 percent of ATMs throughout the world operate using XP. Losing Microsoft’s support of this operating system will undoubtedly create significant security threats for the operators of these ATMs. To avoid such threats, these operators must either upgrade their ATMs’ components, or destroy them altogether.

    Despite this, it has recently been reported that only one-third of the ATMs worldwide that use XP will have been upgraded by the upcoming deadline. As for the remaining two-thirds, they are currently doing something that their customers are accustomed to – waiting in line. According to Doug Johnson, Vice President and Senior Advisor for the Risk Management Policy at the American Bankers Association, “there is a little bit of a bottle-neck” for banks attempting to have their ATMs upgraded. In the interim, to avoid becoming victims of hacking activity or viruses, many of the banks waiting on this lengthy queue have entered into agreements with Microsoft for continued support of their XP-operated ATMs beyond the April 8th deadline. Reports indicate that these extended support and upgrade agreements are coming at a price tag of up to $100 million.

    ATM operators, including banks and financial institutions throughout the world, should pay close attention to Microsoft’s decision to discontinue providing XP support. These XP-based operators are strongly advised to upgrade to a newer operating system and, in the meantime, to enter into a contractual agreement with Microsoft for temporary continued support of the soon-to-be obsolete XP system. If you or your company has any questions or concerns regarding banking-related issues, contact James G. Ryan at jryan@cullenanddykman.com or via his direct line at (516) 357-3750.

    Special thanks to Scott Brenner, a law clerk at Cullen and Dykman LLP, for his assistance with this post.

    [1] http://www.microsoft.com/en-us/windows/enterprise/endofsupport.aspx

    [2] http://www.neowin.net/news/windows-xp-support-ends-in-90-days-microsoft-remains-firm-on-deadline

    [3] http://www.neowin.net/news/windows-xp-support-ends-in-90-days-microsoft-remains-firm-on-deadline