Up to 95% of the world's ATMs could be left wide open to hackers next month when Microsoft ends tech support for the Windows XP operating system, the PCI Security Standards Council is warning.
In a long trailed move, from 8 April Microsoft will stop rolling out security updates and patches for XP, leaving machines running the 12-year-old operating system more vulnerable to attack.
ATMs running XP Embedded are not affected because Microsoft is not cutting off its support until 2016.
The process of upgrading to an alternative such as Windows 7 is both complicated and expensive for ATM operators - with many older machines needing to be altered one by one. Most are not expected to have made the switch within the next month.
JPMorgan has bought a custom one-year tech support agreement from Microsoft and will not begin migrating its 19000 machines to Windows 7 until July, the bank has told Bloomberg. Wells Fargo and Citi say that they are working on upgrading their networks.
It's not just ATMs that are at risk - Microsoft recently warned that the Indian banking industry's reliance on XP could put more than 34,000 branches at risk.
In a notice on its site, the PCI SSC is urging firms to take the plunge: "Don't make yourself an easy target, talk to your technology provider today and make sure your PC and systems are not putting your customers' confidential payment card data and your business at risk."