23 October 2014

67447

Dan Barnes - Information Corporation

47 | posts 61,610 | views 8 | comments

Future Finance News Analysis

Finextra and Oracle have gathered together some of the industry's top thought leaders to assess the key trends and issues within transaction banking, regulations and retail banking. This group will analyse the latest news on upcoming regulations, new service offerings and industry issues shaping the new financial services landscape with regular blog posts, video interviews, webcasts debates and surveys.

ATMs: No change there then

20 March 2014  |  1213 views  |  0

Regulators from the US to the Philippines have issued warnings to ATM firms that they should be cognisant of upgrading their operating systems by 8 April 2014, the date by which support for Windows XP will expire.

Since Sam Woods, director of UK regulator the Prudential Regulation Authority (PRA) condemned technology at UK banks as “antiquated” in January 2014, it has become apparent that globally many run a soon-to-be-outdated Windows XP platform on their ATMs. Despite the potential to upgrade to Windows 7 it seems that many firms are not making the leap – yet at least.

With industry estimates placing 95% of ATMs running on the XP platform, could this be a chink in the security of banks worldwide?

Q: How come so many ATMs are run on Windows XP?

A: It’s been the operating system of choice for the last decade, having been released in October 2001. At that time banks were considering ATMs to be a vehicle for advertising and value added services with some banks having already begun a shutdown of branches on the basis that internet banking was taking over as a recruitment vehicle. Having an operating system that could display graphics (and therefore adverts / information) was a step up from the green screen systems used before.  Microsoft tried to phase it out in 2007 but to no avail – it was too popular.

Q: Lots of stories quote the 95% of ATMs figure – is that accurate?

NCR, the ATM provider, says that it was certainly accurate at the start of the upgrade process, however that began in earnest 2 ½ years ago.

According to Andrei Charniauski, and associate at Retail Banking Research, “Even though the ‘upgrade process’ started a few years ago, right now there are very few Win7 ATMs installed. We are currently updating our ATM studies and, provisionally, at the end of 2013 only around 0.1% of ATMs worldwide were running Win7.”

Q: What effect could this have on ATMs?

A: In theory it could leave them open to attack – without support for Windows XP from Microsoft which ends on 8 April, vulnerabilities might be easily be exploited. Timothy Rains, director of Microsoft Trustworthy Computing has warned that risks will increase as criminals try to use newly discovered vulnerabilities.

In a statement, Rains said “The importance of upgrading from Windows XP cannot be overstated. We truly want people to understand the risks of running Windows XP after support ends and to recognise the security benefits of upgrading to a more modern operating system — one that includes the latest in security innovations, provides ongoing support and can in turn better protect them.”

However this warning is primarily concerned with PCs – ATMs are not internet accessible and therefore hacking would need to be via the secure network on which they operate or by hardware attached to the device itself.

Q: Is there a threat from regulators?

A: In the US, the Federal Financial Institutions Examination Council (representing the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, State Liaison Committee) has said that banks should follow their risk management processes to address the risk from the continued use of XP, “consistent with the risk management guidance” in which includes “an implementation plan addressing priorities for changes, ensuring appropriate change management procedures, and monitoring related third parties’ mitigation and migration activities, as warranted.”

Deputy Governor of the The Bangko Sentral ng Pilipinas, Nestor Espenilla has said that, “Under our technology risk management framework, banks should … take action to replace their software.”

However the risks are acknowledged as a ‘cost of doing business’ by most regulators, who are leaving the banks to decide the best way to manage the upgrades.

Q: And are banks making the switch?

A: Only a third are estimated to be moving by the deadline; most are simply paying Microsoft more money to carry on as before. 

 

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Dan

Google search: What’s my credit score?

01 July 2014  |  1890 views  |  0  |  Recommends 0 TagsRisk & regulationInnovationGroupFuture Finance

Trade finance creates a 10 billion dollar risk

11 June 2014  |  1701 views  |  0  |  Recommends 0 TagsRisk & regulationWholesale bankingGroupFuture Finance News Analysis

Bad as gold

29 May 2014  |  1686 views  |  0  |  Recommends 1 TagsRisk & regulationWholesale bankingGroupFuture Finance News Analysis

Is Bitcoin mo' money or no money?

29 May 2014  |  1308 views  |  0  |  Recommends 1 TagsVirtual currencyRisk & regulationGroupFuture Finance
name

Dan Barnes

job title

Writer

company name

Information Corporation

member since

2013

location

London

Summary profile See full profile »
Award-winning, freelance financial journalist. Specialist in many areas, including; sell-side exe...

Dan's expertise

What Dan reads
Dan writes about

Who is commenting on Dan's posts

Ketharaman Swaminathan
Dave Kershaw
Jorge Yui
Ponnusamy Selvaganapathy
Christopher Mc Carthy