On April 8th, Microsoft is ending tech support for Windows XP. That means banks and some private vendors are under pressure to upgrade their ATMs or their systems may be more vulnerable.
Ninety-five percent of the world’s ATMs run Windows XP and upgrading is an expensive proposition. It not only entails changing the operating system but adding new hardware on each ATM, too.
And, by the way, if you’re still running XP on your computer, you might want to consider upgrading to Windows 7 or 8. When Windows XP tech support ends this month, your computer may be more susceptible to hackers and viruses.
ROBIN YOUNG, HOST:
From NPR and WBUR Boston, I'm Robin Young. It's HERE AND NOW.
Microsoft releases its Windows 8.1 update today at the Build 2014 Conference in San Francisco and ends its tech support for the popular Windows XP operating system on April 8th, which is somewhat pulling the technological rug out from under users of this 12-year-old program who include, by the way, 30 percent of all computer users and 95 percent - almost all - of the world's ATMs.
Microsoft says it will sell tech support to banks that don't upgrade their ATMs, but our next guest says that could cost a bank $1 million or more. Let's take a look. Suzanne Cluckey is the editor of ATM Marketplace, a website for the ATM industry. And, Suzanne, we get notices all the time to upgrade. So why is this a bigger problem for ATMs?
SUZANNE CLUCKEY: Well, the problem is that it involves every aspect of the system, from the ATM itself and the software that runs it. Then it's linking into the system. It's a closed network. So that has to be managed at the network level.
YOUNG: And there's hardware.
CLUCKEY: And there's hardware, right. And for the ATM operators, a lot of these older machines cannot be upgraded to run Windows 7. So you're looking at machines that will either have to be, you know, just basically taken to the dump or will have to be upgraded at great expense.
YOUNG: We understand that some of the banks are choosing to upgrade to Windows 7. Why not Windows 8? Why not make the big leap as long as they have to do it?
CLUCKEY: Well, the banks are really kind of locked in to doing what the vendors will support. NCR, Diebold, Wincor Nixdorf, all of the major vendors have come out with drivers for the machines, for certain models of the machines. And Windows 7 has been tried. It's stable. I think that the vendors are looking at it as the safest way to go right now.
YOUNG: Yeah. And we understand that a huge percentage of them are not going to be ready in time. By one estimate, only 15 percent of bank ATMs in the U.S. will be on Windows 7 by April 8th, by the deadline. So what happens then? Do consumers know which of the ATMs might not be upgraded because we understand that without the upgrade, they're more vulnerable to hacking and malware?
CLUCKEY: The consumer will not know, and there's really no reason that the consumer would have to know because their information is protected by the bank. And so the bank is responsible should anything happen to their information. So they're covered. The bank is the one that really has to bear the responsibility and the risk if they're not upgraded.
YOUNG: What kind of things could happen by April 8th if someone hasn't upgraded?
CLUCKEY: Well, it is possible, you know, in a theoretical world, it's possible that somebody could begin to exploit the weaknesses in the system and begin to find ways in to get at consumer information, the data that's exchanged during an ATM transaction. But, really, the fact of the matter is that the transaction is much more at risk physically in the machine.
You know, when somebody sticks their card in the machine, if they haven't checked to see if there's a skimmer on the machine, there may be a device that's actually reading their card information and sending it to some guy who's making counterfeit cards.
YOUNG: Whoa, whoa, whoa. How do you check for a skimmer on the machine?
CLUCKEY: It's a visual check. I mean, we tell people all the time: if you drive up to the machine that you normally use and something seems off about the card reader, you know, when you stick your card in, if it doesn't look quite right, you know, do a double check and make sure. You can also look for - they have these incredibly small pinhole cameras that can read people's PIN numbers as they're entering their PIN. So what you want to make sure you do is cover your PIN entry as you're putting in that number so it can't be seen even if there's a camera on the ATM.
And something else that people really should think about is the vulnerability of their XP systems at home. If you're on Windows XP at home, that means that you are not getting those patches either. So, really, your home computer should be of much greater concern to you than the computer at your bank because they have backup security that you might not have on your Windows XP home computer.
YOUNG: Suzanne Cluckey, editor of ATM Marketplace, thanks so much.
CLUCKEY: Thank you.
YOUNG: You're listening to HERE AND NOW. Transcript provided by NPR, Copyright NPR.