Article

When XP gets the axe, then what?

What to do when the useful life of an ATM far outlasts its software? A March 4 webinar provides an answer.

February 19, 2014 by Suzanne Cluckey — Owner, Suzanne Cluckey Communications

The overwhelming majority of ATM operators around the world will find themselves in between one of two spots on April 8:

1) a rock.
2) a hard place.

The reason: Of 90 percent of the world's ATMs that are driven by Windows XP, 85 percent will be out of compliance with PCI standards as of April 8, as per PCI DSS Requirement 6.2:

Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.

So, for the sake of argument, assume a worldwide total of 2.7 million operating machines, about 2.4 million of them running XP.

As of April 8, 2 million or so of these (85 percent) will be operating on outmoded, unsupported software — which is to say they'll become a hacker's playground.

Possibly, some of these units will be covered by individual Microsoft Customer Support Agreements — at the price of $1 million for the first year and several times that amount in year two and beyond. Other machines, operated by the larger FIs, might be supported by top-notch in-house IT departments — also at a cost of millions.

Register Now

These will be the exception and not the rule, however. So, worldwide, the majority of ATMs will have software security issues. And while misery might love company, it loves an end to misery so much more.

A free March 4 webinar hosted by ATM Marketplace and presented by Wincor Nixdorf will have that end very much in mind.

For operators of virtually every make of machine, the webinar, "Life beyond Microsoft's April 8 XP support deadline," will examine, in detail:

• issues and unanswered questions surrounding Microsoft XP end of life;
• why a recent Microsoft promise to continue to offer downloadable patches is sadly inadequate;
• exactly what the Payment Card Industry Security Standards Council requires in order for an ATM to be considered  PCI Data Security Standard-compliant;
• whether it is possible for an ATM operating system to achieve even greater security than PCI DSS actually requires;
• how an ATM can achieve PCI DSS compliance — or better — without a Windows 7 upgrade;
• how to prove "compensating controls"; and
• what happens to ATM operators who are still running XP when Windows 7 end-of-life arrives in 2020.

Presenters will include Terrence Devereux, a senior trusted advisor at Wincor Nixdorf and an expert on software architecture, and Randolf Skerka, division manager for network security and security management systems at the independent firm Security Research & Consulting.

Together, the two security specialists will address the current Microsoft end-of-life dilemma.

They'll explain why this dilemma will continue as Windows 7 and succeeding OS iterations continue to reach end of life well before the machines in which they're installed become obsolete.

They'll discuss how it might be addressed and resolved — without leaving operating systems open to compromise.

And they'll answer audience questions about a Wincor multi-vendor program that promises to solve this dilemma, and also about other XP-extending solutions and their real-world applicability.

The free, 1-hour webinar will take place on Tuesday, March 4, 2014, at 10 a.m. EST. For more information, or to sign up to attend, visit the registration page. 

photo: john neeman

About Suzanne Cluckey

---

Suzanne’s editorial career has spanned three decades and encompassed all B2B and B2C communications formats. Her award-winning work has appeared in trade and consumer media in the United States and internationally.