Windows XP is Everywhere, and It’s Ending: Are Your Point-of-Sales Devices Safe?

As your roving correspondents, we have to, of course, rove. As in hit the road, roam far afield, attend a conference, track down a story.

When we do travel, we go — as do you — with an array (too many?) of screens. A small one in our pocket. A mid-size one for reading. And then there’s the laptop. Our travel laptop, which has been with us awhile, is still running the comforts of Windows XP as its operating system. And it may continue to do so for awhile, even with digital “terra incognito” upon us — the end of XP as a supporting operating system.

Microsoft’s “at long last, love” end to XP is coming in early April.  That brings to an end the ongoing viability of what had been company’s main platform for the whole 2000’s, one that has been ubiquitous on numerous devices. And while the end of XP won’t really affect the copy we write while ambling — even if we stick with the old “travel laptop” in the uncharted “Window waters” ahead  — it may well affect many Point of Sale devices, and many of the standards merchants rely on to reassure customers (and themselves) that the “payment chain” is as secure as it can be, in these hackable times.

All of this may start to happen in a couple of weeks.

As the headline in Network World fairly shouts out, “Windows XP can put SOX, HIPAA, credit card security-compliance at risk.”

“Risk” as in “businesses that have to comply with payment card industry (PCI) data security standards as well as healthcare [the “HIPAA” part] and financial standards [the “SOX,” or “Sarbanes – Oxley” part]  may find themselves out of compliance unless they call in some creative fixes, experts say.”

Why is that?  Because “strictly interpreted, the PCI Security Standards Council requires that all software have the latest vendor-supplied security patches installed, so when Microsoft stops issuing security patches April 8, businesses processing credit cards on machines using XP should fall out of PCI compliance,” this according to Dan Collins, the president of  360advanced, which itself does security audits for businesses.

But payment industry newsletter “Greensheet” takes a more yin/yang view of XP’s wind-down, saying that as the “date approaches for Microsoft Corp. tech support for the Windows XP operating system, it can be seen as a reason to panic, or to prosper. XP-based ATMs, which dominate the market, as well as POS systems that run on XP, will undoubtedly experience problems when they become infected with malware and receive no patches from Microsoft to remedy the situation. But the deadline can also be seen as a selling opportunity focused on merchants ready to cut ties with legacy systems and adopt spiffy new tablet POSs.”

So just as the Target hacks hastened changes that were coming anyway – like the arrival of EMV cards — so to the end of XP may hasten the switch to other operating systems, and other devices.

Of course, the article continues, “some merchants that should comply with PCI could fly under the radar for a while without doing anything to address Windows XP non-compliance, he says. While it’s not advisable, they are not compelled to have security audits unless a merchant bank or credit processing service provider requires it – and that doesn’t happen all the time.”

But why wait until that particular boom is lowered? Certainly, at all those points “of sale,” the change over to a tablet or phone can be rather easy for merchants. Indeed, you can even contact AVPS today — before that April deadline rolls around — to see what your options are in a post-XP, and still PCI-compliant, world.

As for ATMs, well, we’re not sure what to do there. Just be sure to count your cash before walking away.

Meanwhile, we’re back in town next week, writing on Windows 7. But we’re thinking it’s time to look into Linux.

 

Tags: , ,

No comments yet.

Leave a Reply

You must be logged in to post a comment.