Banks Struggle To Get ATMs Off Windows XP - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

12:22 PM

Banks Struggle To Get ATMs Off Windows XP

Most ATMS still run on Windows XP, according to one industry estimate. With less than nine months until Microsoft stops supporting the OS, a credit union exec explains why upgrading is so painful for financial institutions.

8 Windows 8 Apps Under $25
8 Windows 8 Apps Under $25
(click image for larger view and for slideshow)
They're so commonplace that you'd be forgiven for forgetting that they're computers, albeit limited to a single application: Handling cash.

Automated teller machines, better known as ATMs, are indeed computers, though, even if we don't think of them in the traditional "PC" sense. There's a screen, a keypad, a user interface. Under the hood, there's memory, a processor and other hardware. There's also an operating system -- and if you had to bet your checking account, the smart money would say your ATM runs on Windows XP.

"It's like any other Windows-based PC," said John Campbell, manager of the automated delivery systems department at Virginia Credit Union, in an interview. "I tell the new hires here at work 'remember, your ATM is just this' -- and I point to the PC on their desk. And just like a PC at work or at home, Windows gets grumpy [in certain scenarios]."

Most ATMs used to run on IBM's OS/2. That changed in the early 2000s, according to Campbell, when IBM began phasing out OS/2 and later announced it would end support for the software. Most OS/2 terminals were upgraded to Windows XP-based systems. Although that enabled a good deal more functionality and potential applications, it added an equal dose of complexity.

[ Where is Microsoft's operating system headed? Read Microsoft's Dilemma: Windows 8.1 May Not Be Enough. ]

"Nobody was ever hacked in OS/2," Campbell said, noting the popularity of Windows as a target for online criminals. "There's a lot more behind-the-scenes work you've got to do with these ATMs than you ever had to do in the OS/2 world."

Virginia Credit Union, with more than $2 billion in assets, operates 16 branches that count state employees as their largest customer segment. The bank's 34 ATMs have all been upgraded during the last several years to modern, full-functioning terminals running on XP. That gives it much in common with the rest of the ATM industry.

Dean Stewart, senior director of core product solutions at Diebold, one of the major ATM service providers, estimated that around 75% of ATMs in the U.S. are based on XP. Microsoft will end support for the popular but aged OS on April 8, 2014, less than nine months from now.

Although some banks and credit unions, Campbell's included, are busy upgrading their fleets to Windows 7 before next April, you don't need to be a math major to figure out that plenty of cash machines will still be running XP after the support cutoff. "It's not a simple flip," Campbell said.

Atop the list of problems that poses: running an unsupported OS would render a financial institution non-compliant with payment card industry (PCI) requirements. If declared non-compliant in an audit, fines could run thousands -- even tens of thousands -- of dollars per month, a potentially crippling cost for smaller financial institutions, according to Diebold's Stewart.

There are lots reasons why XP remains the dominant software powering so many ATMs. Several of them should sound familiar to IT pros that handle OS migrations for their corporate PC portfolios: Budget, hardware performance, and compatibility issues should make a few heads nod in agreement.

Other factors are specific to the banking industry and the operational complexity of managing ATMs. To the end user, ATMs are quite simple: They take deposits and spit out cash. For folks in Campbell's shoes, they're expensive and complicated machines that require a lot of upkeep.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/16/2014 | 8:20:59 PM
re: Banks Struggle To Get ATMs Off Windows XP
How hard could it be to build an embedded PC footprint as a cash transaction device? Cheap 5-10 year old mainboards, a cold single core processor, 1GB ram(if even that), a Disk On Module with a write filter copy of Windows 7 Embedded or maybe WinPE if desperate. This isn't difficult with Slackware or some minimalist linux either. It's just an operating system.
User Rank: Apprentice
8/1/2013 | 11:53:43 AM
re: Banks Struggle To Get ATMs Off Windows XP
I agree fully with your statement of it being more hardware than software. I have witnessed first hand some of these smaller banks and the hardware they have is archaic (Serial ports and proprietary add-on cards). I think Microsoft has been fair about how long they will support XP. The OS is 13 years old and yes it was a favorite for most of us, but it is time to move on and upgrade. It is something all companies go through anymore and these small banks just need to bite the bullet and open their pocketbooks to get this corrected.
User Rank: Ninja
7/30/2013 | 5:51:00 PM
re: Banks Struggle To Get ATMs Off Windows XP
I don't understand why banks are having such a tough time. Granted, XP's resource requirements are different than WIndows 7 so a new motherboard is probably a good idea but aside from installers and applications that do not follow guidelines dealing with registry access and where to write user-context files, Windows 7 should run Windows XP applications. However, if the ATMs make use of older peripheral standards such as serial ports, parallel ports or other custom expansion boards that interact with the ATM's mechanics, that could cause a lot of fustration. Although there are USB-based adapters for these older technologies, I've found many to have extremely poor quality drivers leading to unreliable peripheral operation. An unreliable ATM or one that fails to feed bills (but thinks it did) would lead to unhappy customers and high support costs.

IMO -- this is probably not as much of a software problem as it is a hardware problem.

Regarding being unsupported and failing PCI audits -- that's a huge issue but I don't think it will be a security Armageddon. If banks lock down network access and use white listing technology that monitors executables on disk and in memory (plus NX or XD chip tech that prevents code execution in data areas), the system is pretty difficult to compromise.
CIOs Face Decisions on Remote Work for Post-Pandemic Future
Joao-Pierre S. Ruth, Senior Writer,  2/19/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
CRM Trends 2021: How the Pandemic Altered Customer Behavior Forever
Jessica Davis, Senior Editor, Enterprise Apps,  2/18/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll