ATMs face shutdown as banks scramble to update IT
Published 21/01/2014 | 02:30
HUNDREDS of ATM machines face the threat of disruption within weeks as banks scramble to fix an IT security problem that could shut machines down.
The security threat, caused by outdated hardware and obsolete software, has banks rushing to deploy emergency fixes to ATM machines or face new-found risks from malicious software and viruses.
If infected, ATM machines could freeze or shut down unexpectedly.
Spokesmen for Ulster Bank, Bank Of Ireland and AIB said that they were working to address the situation but were confident customers would not face any disruption.
The ATM threat comes from a shutdown in software that Microsoft is to introduce on April 8.
More than 80pc of Irish ATM machines run Windows XP, for which Microsoft is set to cease issuing software updates - meaning breakdowns or vulnerabilities to hacking will no longer be fixed.
The Microsoft move will mean no more security patches issued for the XP computers and systems, which is causing banks and other organisations to scramble for temporary fixes.
In total, there are more than 3,300 ATM machines in Ireland. Bank Of Ireland has 1,400 of these, while Ulster Bank has 1,100. AIB has 756.
The XP shutdown will affect at least a quarter of all computers worldwide and at least one in 10 Irish PCs, according to the Irish web analytics firm Statcounter. A large chunk of Irish public sector PCs also still use the operating system.
A spokesman for NCR, one of the two biggest ATM machine manufacturers, said that it believed ATMs would continue to work "normally" after April 8.
"Financial institutions that do not migrate to Windows 7 immediately will have plans in place to maintain the integrity and security of their systems," said the NCR spokesman.
"NCR has plans to support both financial institutions who do not immediately migrate their ATM networks, as well as those interested in upgrading their user experience through Windows 7."
IT security experts say computers using Windows XP are "inherently" more insecure than modern computer systems.
"Windows XP is still an inherently insecure platform compared to others, even with the patches," said Brian Honan, founder of BH Consulting, an IT security firm. "Computer viruses and malware is much easier to get a grip on machines using it."
Microsoft executives in Ireland say that the software giant has warned business for several years that it would cease security support for machines and devices using Windows XP.
"Windows XP is 21 times more insecure than Windows 8," said Patrick Ward, Windows executive at Microsoft Ireland. "I can assure you that we will not be providing continued support for it after April 8."
Mr Ward said the security threats to Windows XP have multiplied, making it a much riskier operating system to use than others.
"When Windows XP was launched in 2001, hacking and viruses consisted of individuals scoring points against big corporates. Now, what you get is organised crime and professionals seeking to do this.
"When you walk into some retailers, you can still see point-of-sale machines running XP," said Mr Ward. "We're trying to make them aware of the change that is coming."
While many of Ireland's ATM machines use Windows XP, some use a derivative system called Windows XP Embedded. These systems will not immediately be affected by the April 8 shutdown. Microsoft will also provide limited assistance on Windows XP after April 8 to customers who pay a much higher support fee and who convince the software giant that they are in transition to either Windows 7 or Windows 8.
"This will be limited," said Mr Ward. "It's not intended as something to kick the can down the road."