March 11, 2014

Compliance Blog warns of ATM security risks

March 12, 2014 – NAFCU's Compliance Blog today reminds credit unions that many ATM operators will face increased risk of malware after April 8, when Microsoft ends its technical support for the Windows XP operating system.

NAFCU Regulatory Intern Kavitha Subramanian writes that roughly 95 percent of the 420,000 ATMs in the country rely on Windows XP, and NCUA estimates that 75 percent of credit unions use the system. She quotes the ATM Industry Association saying only one-third of ATM operators believe they will be able to change over to Windows 7 before the deadline.

"Though credit unions and other ATM operators have been working to shift their ATMs to Windows 7 in order to keep up with industry and security standards, the updated software requires more sophisticated machines," Subramanian writes. "For many, it has been an expensive and arduous process that involves replacing some ATMs entirely and updating the components in thousands of others, costing some institutions thousands of dollars per machine.

"If you are unsure what the system specifications are for your credit union's ATM machines, you should reach out to your ATM vendor or service provider as soon as possible," she advises.

NCUA has advised credit unions that are unable to switch in time to develop a risk-management process for the continued use of XP.