April 7, 2014 | 15
You’re probably on tenterhooks wondering what will happen to your reliable, convenient ATM on April 8, the day Microsoft officially sticks a fork in its hugely popular Windows XP operating system.
You’re not? Did you know that more than 75 percent of the world’s automated teller machines use XP? And that an outdated operating system no longer supported by its maker is more difficult to secure, keep compliant with government regulations and run with newer software? Now can you feel the tension? That’s more like it.
As of tomorrow, Microsoft will no longer provide security updates or technical support for Windows XP, which the company released in October 2001. There are about 420,000 ATMs located in banks, bodegas and shopping malls throughout the U.S., and only about one-third of them are likely to have upgraded to Windows 7 or 8.1 before XP officially becomes a relic.
The security implications of not upgrading from Windows XP are unclear. ATMs won’t necessarily become a target for hackers as soon as April 8 arrives. But XP will become less secure over time because Microsoft will stop issuing security patches. This means ATMs will be easier to infect with viruses and generally more hackable. You might not be worried about someone exploiting XP with malware to empty the corner ATM—that’s the ATM owner’s problem. You’ll have plenty to worry about, however, if that same malware steals your card number and PIN.
Individual ATMs tend to hold about $160,000 or so in cash, another reason cyber criminals are less likely to invest the time and money to break into them as opposed to the back-end computers that process ATM transactions, says Nicole Sturgill research director at CEB TowerGroup, a provider of advisory services to banks and other financial institutions. Investigators, for example, traced one of the biggest ATM heists of all time back to a security breach in credit card processing firm RBS Worldpay’s computers, she adds. The thieves used counterfeit cards to steal $9 million from at least 2,100 machines in at least 280 cities worldwide.
Even if most ATM owners aren’t ready for the April 8 deadline, the push to move cash machines beyond XP is generating “the most activity I’ve seen in the ATM world in the past 12 years or so,” Sturgill says. “Consumers are becoming more digital and have less patience for a large, dumb box.”
ATM makers such as NCR jumped at the chance years ago to use Windows on their devices. As a commodity—as opposed to a custom-made—operating system, XP lowered the cost of their machines and broadened their appeal. Now NCR is encouraging its customers to migrate to Windows 7, which can accommodate touchscreen swipe gestures and other capabilities that make ATMs more like a mobile phone or tablet, says Robert Johnston, director of enterprise software marketing for the U.S.’s top ATM supplier.
Whether your local ATMs will be ready for life after XP depends on a number of factors, cost in particular. Banks looking to spice up the ATM experience at their branches are more likely than the corner grocery store to invest the tens of thousands of dollars needed for the higher-end systems that remember user preferences, dispense a variety of denominations and include more teller-like capabilities.
ATMs made within the past five years would need upgrades of $4,000 to $5,000 per machine to ensure the software running on them is compatible with newer versions of Windows, Fortune.com reported March 31.
No amount of software upgrades will be able to extend the lives of Windows XP kiosks a decade or older—they’ll need to be replaced.
Ultimately, April 8 will be a landmark day in the history of ATMs. It just won’t feel like one.