For ATMs, the switch to a newer OS is slow and tedious On April 8th, Microsoft will be ending all support for Windows XP, its 13-year-old operating system for both consumers and businesses. Microsoft has discontinued service for XP for all consumer machines. However, almost all ATMs (roughly 95%) are still operating on Windows XP.
Microsoft first warned of its plan to end support for Windows XP back in 2007 and urged ATM systems to be upgraded to a new operating system such as Windows 7, before the April 2014 deadline. Since the industry is so far from compliant, Microsoft has offered security updates for these systems for a substantial price, depending on the needs of each customer as well as the actual amount of support needed.
What does this mean for banks across the globe?
Today, roughly 420,000 out of the world’s 2.2 million ATMs are located in the U.S., that are still running the full version of Windows XP even as the end-of-life deadline draws near. ATMs that use an embedded version of Windows XP will still receive Microsoft’s support until early 2016, as Windows XP Embedded is less susceptible to malware and viruses when it's features and abilities are compared to Windows XP .
This issue affects banks on a global scale, as the five largest banks in Britain, including: Barclays, HSBC, Lloyds Banking Group, Royal Bank of Scotland and Santander UK have either negotiated new contracts with Microsoft or are in the process of doing so.
The cost of upgrading a single ATM to Windows 7 ranges anywhere from a few hundred dollars to several thousand depending on the maintenance required. Consequently, major banks could be looking at spending close to $100 million to extend Microsoft’s support and upgrade to the newest platform. According to KAL, an ATM software firm, only 15 percent of ATMs in the US will be operating on Windows 7 by the April 8 deadline.
Too many deadlines, not enough time
The banking industry has fallen behind in upgrading their ATM systems due to regulations that were enforced after the 2007-2008 financial crisis. For the banks, this necessary upgrade from Windows XP is just one part of the bank’s extensive to-do list, including the 2015 deadline to make the switch to chip and PIN (EMV) cards for all US consumers. This switch from magnetic stripe cards to chip and PIN (EMV) cards is another expense that banks will have to factor in, as there are roughly 440,000 ATMs currently in the United States that will need to have their OS and hardware upgraded and made them compatible with EMV cards.
As Microsoft shifts its focus from Windows XP to it’s newer operating systems and other business ventures, there’s a strong possibility that hackers and cyber criminals will specifically target ATMs that are still running on Windows XP, trying to exploit it’s older software. ATM manufacturers and operators who choose to ignore the deadline will have to increase their efforts and spending to continue receiving support from Microsoft.
Consumers need not worry, as customer balances are still protected under the same standards that banks use to combat against fraud.