Banks and vendors delay Windows 10 migration despite security fears

The ATM industry is experiencing a “general delay” in its attempts to upgrade from Windows 7 to Windows 10, despite the deadline being only a year away.

“Unfortunately, the ATM industry [is moving] to Windows 10 with a large delay, as hardware vendors only made the Windows 10 XFS drivers available in 2017,” says Carmine Evangelista, CTO at Auriga. “On the other hand, the banks moved to Windows 7 quite recently – there is a general delay in the whole ecosystem.”

Microsoft ended mainstream support for Windows 7 in January 2015, but has since maintained extended support, which will end on January 14, 2020. Under extended support, Microsoft no longer adds new features or offers complimentary support, but still provides bug fixes and patches.

“As with the migration from Windows XP to Windows 7, the big issue will be security patches,” says Evangelista. “After the end of operating system (OS) support, ATMs can be vulnerable to security threats that cannot be fixed.” ATM vendors Diebold Nixdorf and NCR have recently issued warnings about the threat of attacks on machines. The US Secret Service released a statement in January 2018 warning of the “sophisticated” use of “software and hardware” attacks on vulnerable ATMs.

“Technically the industry is absolutely ready [to migrate] but practically we anticipate that there will be both early adopters and laggards, so I would rate us at 50%,” said Mike Lee, CEO of the ATM Industry Association (ATMIA) in an email.

“It is interesting to note that all the hardware vendors decided to use a feature of Windows 10, the capability to host old 32 bit programs in the WOW (windows on windows) subsystem, to reuse the same kind of XFS layer in Windows 7. The reason for this decision is that the use of Windows 10’s native architecture – based on 64bit APIs – would require a rewrite of the whole XFS [extensions for financial services] layer and ATM program.”

“We have defined the roadmap for the mainstream migration from W7 to W10 and explored alternatives like Linux hypervisor as a solution to migrate to W10 without the need for costly hardware upgrades. Since the industry, through ATMIA committees, has been planning at least since 2016 I would say the migration from Window 7 to Windows 10 will be a hundred times more efficient than the migration from XP to Windows 7.”

According to a November 2018 report from Positive Technologies, a majority of ATMs are still running XP, despite support for that operating system ending in April 2014. Positive Technologies tested 26 machines from “various” manufacturers and service providers. 15 were found to be running Windows XP.

“The upcoming migrations to new operating systems, as a result of end-of-support for existing systems, should be viewed in a broader context of the widespread adoption of dynamic technologies ranging from smartphones to cloud architectures,” reads an ATMIA statement on the 2020 deadline. “ATMIA is currently coordinating an international Industry RFI process for Next Generation ATMs and will work with members and stakeholders to make significant industry recommendations in due course for an innovative future for ATMs.

Evangelista expects the Windows 10 migration to be the last for a while. “With Windows 10 [Microsoft’s] release management of Windows changed: currently it is not planned that there will be a major new Windows version but only updates of Windows 10.” While some ATM providers are switching from Microsoft to Linux, Evangelista believes that there are some issues present when using other operating systems.

“The big issue about the use of other OS is that currently only Windows is providing a stable environment – the standards API CEN/XFS – for multivendor applications. Other OS can be supported using J/XFS [an alternative API], which is not mature enough to guarantee the same performance of XFS, or by using a dedicated solution from the hardware vendors.”

• Read more under:
• BankingTech
• InsurTech