From: The Register
DPA fines and Payment Card Industry fines, it all adds up – watchdog
Banks that use the Windows XP operating system will face a risk to their compliance with payment card data security rules if they continue to operate the software after Microsoft withdraws its extended support services, a US regulatory body has warned.
Microsoft confirmed in 2010 that it would end “extended support” for Windows XP and Office 2003 on 8 April 2014. The Federal Financial Institutions Examination Council (FFIEC) has now called on financial institutions and technology service providers (TSPs) to “address the risk from the continued use of XP” beyond that date.
The FFIEC is an inter-agency body that seeks to promote harmonised practices by regulators of US financial institutions such as the Board of Governors of the Federal Reserve System, the National Credit Union Administration and the Consumer Financial Protection Bureau, among other examples.
“Microsoft will discontinue extended support for XP effective April 8, 2014,” the FFIEC said in a statement. “After this date, Microsoft will no longer provide regular security patches, technical assistance, or support for XP. Financial institutions, TSPs, and other third parties that use XP in personal computers, servers, and purpose-built devices such as automated teller machines (ATM), or that are dependent on applications that require use of XP could be exposed to increased operational risk.
“Potential problems include degradation in the delivery of various products and services, application incompatibilities, and increased potential for data theft and unauthorised additions, deletions, and changes of data. Additionally, financial institutions and TSPs that are subject to the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and continue to use XP after April 8, 2014, may no longer be compliant,” it said.
Leave a Reply