19 July 2018
Dan Barnes


Dan Barnes - Information Corporation

Future Finance News Analysis


Finextra and Oracle have gathered together some of the industry's top thought leaders to assess the key trends and issues within transaction banking, regulations and retail banking. This group will analyse the latest news on upcoming regulations, new service offerings and industry issues shaping the new financial services landscape with regular blog posts, video interviews, webcasts debates and surveys.

ATMs: No change there then

20 March 2014

Regulators from the US to the Philippines have issued warnings to ATM firms that they should be cognisant of upgrading their operating systems by 8 April 2014, the date by which support for Windows XP will expire.

Since Sam Woods, director of UK regulator the Prudential Regulation Authority (PRA), condemned technology at UK banks as “antiquated” in January 2014, it has become apparent that globally many run a soon-to-be-outdated Windows XP platform on their ATMs. Despite the potential to upgrade to Windows 7, it seems that many firms are not making the leap – yet at least.

With industry estimates placing 95% of ATMs running on the XP platform, could this be a chink in the security of banks worldwide?

Q: How come so many ATMs are run on Windows XP?

A: It’s been the operating system of choice for the last decade, having been released in October 2001. At that time banks were considering ATMs to be a vehicle for advertising and value-added services, with some banks having already begun a shutdown of branches on the basis that internet banking was taking over as a recruitment vehicle. Having an operating system that could display graphics (and therefore adverts / information) was a step up from the green screen systems used before. Microsoft tried to phase it out in 2007 but to no avail – it was too popular.

Q: Lots of stories quote the 95% of ATMs figure – is that accurate?

A: NCR, the ATM provider, says that it was certainly accurate at the start of the upgrade process; however, that began in earnest 2½ years ago.

According to Andrei Charniauski, an associate at Retail Banking Research, “Even though the ‘upgrade process’ started a few years ago, right now there are very few Win7 ATMs installed. We are currently updating our ATM studies and, provisionally, at the end of 2013 only around 0.1% of ATMs worldwide were running Win7.”

Q: What effect could this have on ATMs?

A: In theory it could leave them open to attack – without support for Windows XP from Microsoft, which ends on 8 April, vulnerabilities might easily be exploited. Timothy Rains, director of Microsoft Trustworthy Computing, has warned that risks will increase as criminals try to use newly discovered vulnerabilities.

In a statement, Rains said “The importance of upgrading from Windows XP cannot be overstated. We truly want people to understand the risks of running Windows XP after support ends and to recognise the security benefits of upgrading to a more modern operating system — one that includes the latest in security innovations, provides ongoing support and can in turn better protect them.”

However, this warning is primarily concerned with PCs – ATMs are not internet accessible, and therefore hacking would need to be via the secure network on which they operate or by hardware attached to the device itself.

Q: Is there a threat from regulators?

A: In the US, the Federal Financial Institutions Examination Council (representing the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, State Liaison Committee) has said that banks should follow their risk management processes to address the risk from the continued use of XP, “consistent with the risk management guidance”, which includes “an implementation plan addressing priorities for changes, ensuring appropriate change management procedures, and monitoring related third parties’ mitigation and migration activities, as warranted.”

Deputy Governor of the Bangko Sentral ng Pilipinas, Nestor Espenilla, has said that, “Under our technology risk management framework, banks should … take action to replace their software.”

However, the risks are acknowledged as a ‘cost of doing business’ by most regulators, who are leaving the banks to decide the best way to manage the upgrades.

Q: And are banks making the switch?

A: Only a third are estimated to be moving by the deadline; most are simply paying Microsoft more money to carry on as before. 

