Have you heard of Luther George Simjian?
He was a visionary. A luminary. A prolific inventor with 219 patents who in 1939 believed his Bankmatic Automated Teller Machine would change the financial landscape forever. Despite resistance from banks, he was unremitting in his ideas and transcended all doubt we he induced Citibank to give it a 6-month trial.
Today, according to research from Statistic Brain, there are approximately 2.2 million ATMs in use around the global. Furthermore, the U.S Government Accountability Office published a report that says there are an estimated 420,000 ATMs in the United States alone.
NCR is the largest ATM manufacturer in the world. In a video interview for NCR Corporation, Robert Johnson, marketing director for NCR, said the user interface for ATM’s hasn’t changed in the past 20 years. This immutability of the ATM is a huge liability because it means the technology that processes our financial transactions is grossly antiquated.
But this is the thing: ATMs are computers and computers need operating systems. And guess what operating system most ATMs use?
In fact, Robert Johnson told @nicksummers at BusinessWeek today that over 95% of the worlds ATMs rely on Windows XP. In other words, over 2 million of the total 2.2 million ATMs in the world run on sorely outdated software.
The most exasperating fact is that Microsoft is slated to end support for Windows XP on April 8th 2014. This means those 2 million ATMs won’t be able to install any security updates. And no security updates means the operating system will be vulnerable and become susceptible to being compromised.
Now, it’s one thing if you’re running Windows XP on your personal computer, it’s another if you using it at the office; however, when you’re a huge bank with entire fleets of ATMs running Windows XP you have a huge problem.
The Federal Trade Commission has provisions in place under the Fair Credit Billing Act to give you the right to refuse credit card payment on products or services that you didn’t get; however, debit cards are another story. Sure, you can report fraudulent debit card transactions but the process is burdensome. Ultimately banks can’t afford to have their reputations bruised because of rudimentary security practices.
The threat is real and unless banks get serious about maintaining and decommissioning antiquated systems, there will always be the possibility of making the front page of the New York Times because the Syrian Electronic Army exploited a vulnerability in your bank machines.
The quasi-good news is that Microsoft is cognizant of the issue and two days ago announced continued support for antimalware sigatures for XP through July 14th 2015 but this does nothing for the much need security patches. The bottom line is banks will either need to trash or upgrade their dated ATMs and they need to act fast.
Depending on the size of the bank and number ATMs in operation, this can cost tens of thousands of dollars, especially if new hardware is required. And given that most ATMs are almost two decades old, new hardware is a very real necessity.
Ultimately, this is a herculean task that will take months to implement but in light of the recent security breaches in the news these days, people are more concerned than ever that their personal information stays safe.
Do you think banks will upgrade their archaic ATMs before the April deadline? Let me know in the comments.