Windows 7 & EMV Update

win7_3

As your ATM and security provider we wanted to continue to keep you up to date on the topics of Windows 7 & EMV. I know there is a lot to stress about, but we hope to keep you informed and work hand in hand with you to keep the updates cost effective and in the appropriate timeframe.

WINDOWS 7 – APRIL 8TH 2014 DEADLINE

As we all have heard tons of times up to this point Microsoft is discontinuing support for Windows XP. It is recommended that you migrate, all your ATM to Windows 7 before this date. Upgrading will keep your ATMs up to date with the latest security patches and updates. I assure you that the world will not end if you do not update your ATMs before this date. BUT, and here is the real issue, any ATMs running XP will be more susceptible to being targeted by hackers with the knowledge Microsoft will not be pushing out security patches. With every month after April 8th that you haven’t upgraded you are increasing the risk on your ATM network. If you have not received pricing please contact your sales representative to begin surveys.

ORDERING WINDOWS 7

One very important piece of news is that effective July 1st we will no longer be able to order Microsoft upgrade licenses for your ATMs. Microsoft is discontinuing the OEM field upgrade motion for ATMs for the following embedded family of products: Windows XP/7 for embedded systems, Windows embedded POSReady 2009 and Windows Embedded POSReady 7. For all customers after this date, all Windows upgrades should be fulfilled through the Microsoft Volume licensing (VL) channel. The result of this is that the responsibility of Windows Imaging Creation and Maintenance will fall upon you. All Windows licenses purchased directly through Windows after this date will be supported by Windows directly.

SOLID CORE

If you do plan to use Windows XP after the April 8th deadline we offer Solid Core as an added security on your ATMs. Solid Core locks down the ATM’s software to protect it from malicious code by only allowing authorized software and patches to the ATM. Solid Core is also an added benefit if running Windows 7 in greatly reducing the risk of malicious attack. If you wish to here more on what solid core offers please contact your sales representative to begin discussions.

So what can you do?

– Nothing:  If you chose this option you risk losing PCI compliance.

– You can implement “compensating controls” as part of a migration plan to migrate to Windows 7.   PCI endorses this approach to maintaining compliance on unsupported machines.  The implementation of compensating controls consists of various tactics to enhance security. Solidcore Suite for APTRA has been identified as a compensating control.

– You can purchase Custom Support from Microsoft.  By purchasing this service, customers will then continue to receive Security Updates from Microsoft.  This option is very expensive and is not guaranteed to be available from year to year

We recommend that while you are planning and implementing a Windows 7 migration that you implement a compensating control. Benefits of Compensating Controls;

– Provides time to plan and execute a migration

– Maintains PCI PA-DSS compliance

– Solidcore for APTRA and compensating controls in general are an investment in security which continues after migrating to Windows 7

– Custom Support is a sunk cost whose benefits expire once Windows XP is out of the network

An investment in Solidcore will be lower cost than Custom Support especially after the first year when Custom Support prices escalate sharply.

Please contact us at anytime for more information. This is really the tip of the iceberg for information regarding these topics. In a couple of weeks we will be updating you on the new PCI and EPP compliance and due to Microsoft no longer issuing security updates for Windows XP Professional. This means that customers may lose their PCI-DSS compliance.

EMV

Some of you have decided to upgrade for EMV while also migrating your ATMs to Windows 7. This is a very cost effective way to proceed, but is not required since the deadline for EMV is 2016. Please refer to our article on our news page for more information on EMV

As always all our emails and blogs are posted on the news section of our website for you to reference at anytime.

 

Comments are closed.