How worried should deployers be about end of XP support?

March 20, 2014 by Dominic Hirsch — manager, Retail Banking Research

Virtually all ATMs around the world use a Windows operating system, and many still use Windows XP. Microsoft released XP in October 2001 and is ending free support on April 8 — from this date users will no longer receive automatic updates, fixes and security patches.

Although the end of XP support has been well trailed, many ATM deployers have not upgraded their ATM operating systems and will not have done so by the end-of-support deadline. XP licenses will still be valid after April, and in theory XP users will be able to purchase a custom support agreement (CSA) from a reseller, which would extend support for a period of time.

CSAs will be expensive, however, and it appears that none of the major ATM manufacturers (who supplied the original operating systems with the ATMs) have applied to Microsoft for licenses to sell CSAs, so in practice they are unlikely to be a solution.

As Aravinda Korala, CEO of independent ATM software provider KAL, said in a recent presentation on this topic, "with the cost of Windows at about €15 ($20) per year, your cost problems are not caused by Windows." He highlighted, for example, a study by Scotiabank and Microsoft that estimates that in the U.S., for a 2,500-ATM network estate, the cost of software installation will be between €120 and €640 ($165 and $882) per ATM.

The cost will be significantly higher in cases where ATM hardware needs to be replaced. This is not necessarily because the older hardware cannot run the newer software, but because ATM manufacturers do not wish to support new software on some of their older machines (in much the same way as Microsoft does not wish to support XP forever).

How significant a risk is it for an ATM deployer not to upgrade from XP? This question is addressed by Juan Jesús León, director of products at GMV, in an article on page 8 of the March issue of Banking Automation Bulletin.

León points out that most ATM software attacks today are based on physical access to the ATM rather than vulnerabilities in the Windows operating system. As ATM deployers make these physical access-based attacks more difficult through changes in their processes as well as the use of solutions such as sandboxing, whitelisting and encryption, criminals will likely change their focus to other types of attack, including targeting Windows vulnerabilities.

Assuming that ATM deployers already have software security solutions in place, the Windows XP support deadline will pass without any major security incidents. Ironically, while end of XP support will not push all deployers to upgrade their ATM operating systems, it will raise awareness of ATM software vulnerabilities and alternative solutions. XP on ATMs will not disappear for some time yet, but ATMs will be more secure than they have ever been.

Reprinted from Banking Automation Bulletin (www.rbrlondon.com).

 
