Microsoft XP and Future Security Challenges

Mark Freidin

8th Mar 2014

Beginning Saturday, March 8, nearly a third of all computers will begin to display a very serious message.  Microsoft will stop providing support for its Windows XP operating system (OS) As of April 8, 2014. Security updates and patches will no longer be available. In anticipation of this, it is widely accepted that cybercriminals are stockpiling exploits to take advantage of this looming security chasm.

So what’s this got to do with eCommerce. Probably not much directly, however it does affect many smaller business that run their operations on second hand systems often still running Windows XP. The explosion of Netbooks a few years ago also resurected the popularity of Windows XP and many of these devices are in use every day.

Quite a few medium to larger organisations still utilise Windows XP as the cost to upgrade to a new platform across hundreds or even thousands of PC’s across an organisation can be financially crippling and inconvenient. Retailers running point of Sale (POS) systems often require nothing more than the operating system and their POS software, so the need to upgrade to Windows 7 or Windows 8 has not existed.

With the growing popularity of Click and Collect, many of these retailers now face the potential of another headache as the data on their store based XP machines including personal details of customers, even if for a short period before they are transmitted to or received by  head office or cloud based servers become exposed through the potential security holes that will appear and await cybercriminals nimble electronic fingers.

Perhaps even more frightening, it is estimated that nearly 95 percent of the world ‘s ATMs are also powered by Windows XP, potentially making a huge volume of payment card transactions vulnerable to future breaches.

To help draw awareness of the issue, today March 8, the PCI Security Standards Council is releasing an infographic explaining the pending XP security challenge. This is the most recent in a series of educational infographics the Council has produced to educate the public and merchants to security challenges and provide simple remedies for mitigating risk. Other PCI SSC infographic posters cover: password security; reducing fraud with EMV, or chip and pin technology; and ten simple steps to increase payment security.