Windows XP Is Now a Risk Factor for Banks? Should We Be Alarmed?

By Original work: Microsoft This work: FleetCommand (Original work: Windows XP This work: Own work) [Public domain], via Wikimedia Commons

By Original work: Microsoft This work: FleetCommand (Original work: Windows XP This work: Own work) [Public domain], via Wikimedia Commons

Microsoft announced that they are pulling out support for the Windows XP operating system on April 8, 2014. That’s only a little more than 18 days from today. So what is the significance of this announcement? Apparently, it is being considered as a major risk as central banks of different countries are now actively telling banks to gear up as Windows XP support ends.

Now, bankruptcy, bad debts, and radically changing regulatory policies are not the only problems that will be hitting banks. Even the very operating system of the computers and servers they are using will expose them to a lot of potential problems.

In the United States, the Federal Reserve has warned banks to be ready for the impending April 8 deadline. In South Africa, it is estimated that 95% of the country’s ATMs will be prone to hacking. Banks will have to deal with increased security threats on their information systems. For the rest of the world, the case will be very similar. All of these are likely to happen because of one vital factor: Windows XP.

Windows XP .logo

So what is it about Windows XP that’s threatening banks these days? Answer: a number of reasons – and they are concisely discussed below.

1. No More Security Updates and Patches

MIcrosoft’s decision to pull out support for Windows XP means that there will be no more security updates and patches to cover threats. The maker of the Windows OS will no longer be actively monitoring Windows XP for whatever threat or vulnerabilities that will be found in the system.

Over the twelve years that Windows XP has been in market, Microsoft had released several patches and updates to address the bugs and threats that have been discovered as time went by and as new threats emerged. This is the natural system that guarantees security protection for users of the operating system. Without this, the operating system becomes less secure against hacking attacks and damaging malware infestation.

Regular OS updating is one of the fundamental security assurances that protect operating systems. It has to be noted that malware and virus protection is not going to be enough. Vulnerabilities in the operating system can easily negate the protection supposedly afforded by antivirus or anti-malware software.

2. Application Incompatibilities

The failure of certain applications to run in Windows XP is also a possible consequence of Microsoft’s decision to pull out technical support for the operating system. This compatibility issue can lead to the erratic functioning of computers, especially if new applications are installed to handle certain tasks or features.

Likewise, application incompatibilities can happen in the computers used by banks in other office tasks like accounting and record keeping. The possible incompatibility issue may not be immediate but it will certainly happen in a matter of years.

3. Hacking or Tampering Attempts Especially on Small Community Banks

Large banks may not be that vulnerable even if they keep using Windows XP. There have been talks that many banks will pay Microsoft for securing Windows XP ATMs. Yes, this means additional costs for banks but not as much as the cost they will incur if they will have to replace Windows XP with the later version of the OS.

The hacking or tampering problem can be more pronounced in smaller banks or community banks. These banks are unlikely to have solid IT departments that can competently handle problems that threaten their computers. Usually, these companies mainly rely on the security assurance that comes with the operating system they use.

By XScreenSaver by Jamie Zawinski, screenshot by Thomas R. Schwarz [Public domain], via Wikimedia Commons

By XScreenSaver by Jamie Zawinski, screenshot by Thomas R. Schwarz [Public domain], via Wikimedia Commons

Despite all of these, there are ATM operators that think  that there’s really no need for an upgrade, especially for machines that are not connected to the Internet. Many technicians suggest that the possibility of an attack on an autonomous automated tell machine is unlikely unless it’s an inside job, considering that interactions with ATMs are limited to the insertion of the ATM cards and the taking out of money. Still, this is not anything reassuring for the public. This is one of the realities of commercialized technology everyone has to deal with.

The intention of ending support for Windows XP was announced back in 2008 so there should have been ample time for companies to upgrade their systems to Windows 7. Unfortunately, not many have paid heed to the announcement (or warning). Authorities are urging the public to pressure companies into upgrading by inquiring and expressing concern about the need to replace Windows OS in bank systems.