The world runs on Microsoft Corporation's Windows XP operating system, it seems – including 95% of the globe's automated teller machines. And, even though Microsoft warned customers back in 2007 that support for XP would go away in April 2014, banks such as Bank of America Corp. (NYSE: BAC), Citigroup Inc. (NYSE: C) and JPMorgan Chase & Co. (NYSE: JPM) have yet to upgrade their ATMs.
An expensive proposition
Why have banks waited so long? The usual reason: cost. Older ATMs often need to be taken apart in order to install updates, an expensive affair, and some will need to be scrapped altogether. In the years following the financial crisis, too, banks have had other problems to contend with.
But, neither expense nor a busy post-crisis schedule is stopping banks from purchasing pricey extended service contracts from Microsoft in an effort to keep their ATMs safe from hackers. Because of the surge in banks wanting to upgrade, there is a shortage of workers skilled enough to perform the conversion, which, along with a longer period of time on the extended contract, is likely to push costs even higher.
Banks are just one sector that has been dependent upon the XP operating system. The nation's electric grid and gas utilities are also still using the system, and may face increased security risks due to XP's retirement, according to a recent Wall Street Journal report. Though Microsoft has announced that it will be providing some updates for the operating system until July 14, 2015, it also notes that it can't vouch for the effectiveness of doing so for a system that is no longer supported by the company.
Some ATMs may be in better shape, though. For those machines using Windows XP Embedded or Embedded 2003, which are variations of XP, support will continue until 2016 for the former, and 2019 for the latter.
Does this mean that ATMs will be safe and secure after April 8? Obviously, banks are hoping that paying big money for extended service contracts with Microsoft will ameliorate any risks, but there are no guarantees. For the most part, banks have been maintaining silence on this particular issue.
JPMorgan told Reuters that it will begin changing its own 19,200 ATMs to Windows 7 this July, and hopes to be finished by year's end. Citigroup said that it, too is upgrading 12,000 ATMs, and Bank of America has confirmed that it will ask Microsoft for a contract extension for its network of machines. With security breaches on the rise – and hacking of financial information now a common occurrence – a little more information from banks on this subject would surely be welcomed by customers.