Page 18 - gs140202flipbook
P. 18
on the Windows XP platform after time to migrate to Windows 7.
the end of the support lifecycle
exposes financial institutions and Resources for ATM ISOs
independent ATM deployers to For Windows users, "Patch Tuesday"
security, operational and compliance is a familiar term, as it is the
risks." Windows XP will thus be second Tuesday every month when
an open and unguarded target Microsoft issues security patches for
for malware into perpetuity, with its operating systems. Since Windows
security risks including attacks XP was launched, there have been
to ATM networks, local ports and over 700 vulnerabilities found in the
browsers, the paper stated. operating system, according to the
ATMIA.
By not migrating from XP to Windows
7, ATM operators also jeopardize Reportedly, most ATM fraud
their compliance certification status. involves the manipulation of ATM
"Windows XP doesn't offer the kinds hardware, but software attacks
of integrated security features the have become increasingly popular.
latest versions of Windows have Even with the development of new
integrated, and software running in operating systems for computers,
Windows XP is unlikely to pass the Windows XP continues to be a target
standards set forth by the Payment for fraudsters, and for that reason the
Card Industry (PCI) or EMVCo," the association believes the operating
ATMIA said. system will remain a popular target
Default, not design past Microsoft's support termination
date.
Scott Kinka, Chief Technology
Officer at bank and credit union Lee told The Green Sheet that
cloud service provider Evolve IP LLC, Microsoft made the announcement
said 95 percent of ATMs in the United to stop Windows XP support toward
States run on Windows XP. The the end of 2012, so the ATM industry
operating system gained dominance has had "plenty of warning" about
essentially by default, not by ATM the impending deadline. Admitting
industry design. Kinka said XP was it can be an expensive and time
chosen over other operating systems, consuming proposition to migrate
such as the arguably more secure ATMs to the newer operating system,
Linux operating system, because it Lee said ATM ISOs must work with
was the only "stable" option available their software vendors to facilitate
when ATM growth began to occur. the process.
"XP has been around since 2001, and
Linux was not in wide use for these The ATMIA offers resources for ISOs
types of systems at that time," he in making the transition. "ATMIA
said. has made available a list of FAQs
and the answers from Microsoft to
Kinka noted that a small percentage these industry questions," Lee said.
of ATMs run on Windows XP "There is also case study material of
Embedded (XPe), Microsoft's a method for remote deployment of
stripped-down version of XP. "In new software to save costs and on-site
most cases XPe doesn't need frequent visits in migrations of this nature and
patching as they're locked down a risk assessment report with some
and set up to function like dumb best practice recommendations."
terminals, merely passing data along
to a back room or an online server," ATMIA also outlined the risks of
he said. "That makes Windows continuing to operate XP after the
Embedded devices inherently more deadline and explained the steps
secure." that need to be taken to address these
risks.
Since Microsoft is continuing tech
support for XPe until early 2016, ISOs
that operate ATMs on XPe have more
18
18
18
