Windows XP is an old operating system. And it’s just about to become obsolete. The Federal Financial Institutions Examination Council and the Office of the Comptroller of the Currency are the latest to join the chorus calling for financial institutions to review the operating system on their PCs and understand the potential risks involved once Microsoft stops supporting Windows XP on April 8, 2014.
The joint statement issued Oct. 7 is something of a shot across the bow for banks and credit unions that have not yet taken steps to address Windows XP’s end of life, which “could present operational risks to financial institutions, technology service providers and to activities supported by other third parties,” according to an OCC release. With about six months to go before Microsoft ceases its support of XP, now’s as good a time as any for institutions to start coming up with a game plan and either working to address those potential risks of keeping the old operating system. Those risks, while broad, can mean the end of future security patches, technical support and the potential for critical software to stop functioning properly as vendors move their focus solely to the more recent Windows 7 or Windows 8 (here’s a recent comparison we’ve done of the two).
The FFIEC joint statement continues:
Potential problems include degradation in the delivery of various products and services, application incompatibilities, and increased potential for data theft and unauthorized additions, deletions, and changes of data. Additionally, financial institutions and TSPs that are subject to the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and continue to use XP after April 8, 2014, may no longer be compliant.
While the end of life of an old operating system won’t garner the same sort of popular attention in the industry media as the latest innovations in payments, mobile banking or core platforms, it still has the potential to affect a significant number of financial institutions. As of early summer, polling by Safe Systems indicated as much of one-third of all devices at financial institutions were still running Windows XP. For those many banks and credit unions as do still run Windows XP on their machines, the FFIEC recommends:
- Performing risk assessments
- Selecting appropriate mitications
- Conducting appropriate implementation planning
- Monitoring and reporting
We’ve seen recently that Windows 8 adoption still lags Windows 7, and in many instances, Safe Systems has been working with financial institutions to upgrade old machines to Windows 7, which provides a stable, familiar platform for many users. Indeed, it would seem many have started to heed the warnings and migrate away from Windows XP. Now that the regulatory agencies have chimed in to remind financial institutions about the pending end of life for the old operating system, it might be worth paying attention.