Published March 19, 2014
Your quick trip to an ATM might soon become a security risk if banks don’t act fast.
Banks have less than a month to upgrade their Automatic Teller Machines’ (ATM) software programs, which currently operate on Microsoft XP (MSFT). On April 8, Microsoft will end its tech support for that operating system, meaning it will no longer provide security updates to patch holes leaving machines vulnerable to cyberattacks.
According a recent article in Hareetz.com, a Middle Eastern news site, 95% of the world's ATMs, are supported by XP, but Microsoft declined to confirm.
Microsoft says that since it announced in September 2007 that support for Windows XP would end, it has been “working hard” to inform its customers and help them migrate to a modern operating system.
“After April 8, 2014, Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted options or online technical content updates from Microsoft,” a spokesperson said in an email message. “Enterprise customers, who have not completed their migration by April 8,2014, can avail of Custom Support. Custom Support is not designed to extend the life of Windows XP. It should be considered a last resort to help bridge the gap during a migration process to a modern OS (like Windows 7 or Windows 8.1).”
Microsoft wouldn’t confirm how many banks have updated their ATMs, and pointed directly to financial institutions to determine what their plans were in the wake of the program expiration. JPMorgan Chase (JPM) confirmed to FOXBusiness.com that it had purchased a custom technology support agreement from the tech giant. Microsoft declined to comment on the cost of extension agreements.
TD Bank confirmed it moved to upgrade with its own software provider.
“In anticipation of tech support for Windows XP expiring, we began working with our service provider, Diebold, to upgrade the core software of our 1,900 US ATMs to Windows 7 in February 2014,” Jim Grimmer, Head of North American ATMs, TD Bank, said in an email statement.
Citibank (C) told FBN it was in the process of migrating away from Windows XP. “…We have plans in place that will maintain the protection of our ATMs during this transition. The protection of our customers’ accounts is our number one priority, and our security experts are leaders in the field,” said Andrew Brent, Citi spokesperson via email.
Bank of America (BAC) did not respond to request for comment by press time.
If an ATM does not upgrade its security software, Adam Levin, co-founder of IdentityTheft911, says the biggest danger to consumers is the holes in security for hackers that can become available when operating on a system that can no longer be updated.
“Hackers will be able to, in essence, sit behind screens and gather information as it comes in,” Levin says. “This is a constant, even if the ATM machine is not in a secure location.”
He recommends asking banks if they’ve updated their system and to change any pin numbers. Also, consumers should monitor their bank and credit statements and sign up for transactional monitoring, to know what’s happening with accounts.
“Never, in your life, use universal passwords, pins, IDs or more,” he says. “If you use the same pin everywhere, and one ATM is breached, they can follow you around and know your pin. It’s important to mix it up and not to use decipherable pins.”