BR100 Increased By (0.99%)
BR30 Increased By (0.38%)
KSE100 Increased By (1.06%)
KSE30 Increased By (1.14%)
BECO 5.39 Increased By ▲ 0.07 (1.32%)
BML 56.48 Increased By ▲ 1.39 (2.52%)
BOP 35.09 Increased By ▲ 0.05 (0.14%)
CNERGY 8.17 Increased By ▲ 0.08 (0.99%)
DCL 11.44 Increased By ▲ 0.08 (0.7%)
FCCL 57.55 Increased By ▲ 1.36 (2.42%)
FCSC 5.00 Decreased By ▼ -0.01 (-0.2%)
FFL 17.88 Increased By ▲ 0.20 (1.13%)
FNEL 1.25 Increased By ▲ 0.01 (0.81%)
HUMNL 11.17 Increased By ▲ 0.24 (2.2%)
KEL 8.54 Decreased By ▼ -0.03 (-0.35%)
KOSM 6.73 Increased By ▲ 0.24 (3.7%)
MLCF 106.91 Increased By ▲ 0.40 (0.38%)
NBP 198.50 Decreased By ▼ -1.26 (-0.63%)
PACE 11.07 Increased By ▲ 0.05 (0.45%)
PAEL 45.45 Increased By ▲ 0.45 (1%)
PIAHCLA 31.43 Increased By ▲ 2.86 (10.01%)
PIBTL 19.08 Increased By ▲ 0.81 (4.43%)
PPL 242.62 Decreased By ▼ -1.87 (-0.76%)
PRL 35.67 Increased By ▲ 0.73 (2.09%)
PTC 65.52 Decreased By ▼ -0.30 (-0.46%)
SEARL 94.54 Increased By ▲ 0.49 (0.52%)
SSGC 32.08 Increased By ▲ 1.25 (4.05%)
TELE 8.87 Increased By ▲ 0.17 (1.95%)
THCCL 65.66 Increased By ▲ 0.67 (1.03%)
TPLP 10.73 Increased By ▲ 0.47 (4.58%)
TREET 25.11 Increased By ▲ 0.24 (0.97%)
TRG 63.67 Increased By ▲ 0.31 (0.49%)
WAVES 10.70 Increased By ▲ 0.05 (0.47%)
WTL 1.25 Increased By ▲ 0.01 (0.81%)

KARACHI: Microsoft ended support for its Windows 7 embedded products earlier in the year, putting the operating systems at greater security risk and more vulnerable to viruses. All Windows 7 users have stopped receiving software updates since January 14, 2020, which include security updates. Following the end of support, questions have been raised on the security and compliance of the financial institutions, dealing with ATMs, around the world.

There have been concerns on how Pakistan's ATM infrastructure is now more exposed to security threats after expiration of Microsoft support on security-related updates. It is important to note that Pakistan's ATM footprint has expanded to over 15,600 machines across the country, with a little over 500 million transactions conducted in FY20 alone, that amounted to Rs6 trillion. Pakistan's ATM ecosystem is largely brick and mortar, with only a handful of specialized multipurpose ATMs. This usually means low cost and low maintenance hardware requirements. Replacing the existing operating system to ensure security compliance could be a costly affair for some, because the Microsoft recommends replacing existing computers with new ones for optimal results. In some cases, replacement with new computers might even be inevitable, as Windows 10 hardware requirements are significantly higher than those for Window 7. That said, those banks continuing with Windows 7 are not necessarily violating the best practice or the global benchmark Payment Card Industry Data Security Standard (PCI DSS). The relevant clause number 6.2 of the PCI DSS reads: "Protect all system components and software from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release." From what it appears, in order to be PCI DSS compliant, all operating systems need to be upgraded from Windows 7 to Windows 10. But Microsoft still offers a window of opportunity to those who wish to continue with the existing operating system and/or are not ready yet to make the switch yet. Microsoft's Extended Security Update (ESU) programme is a last resort option for consumers who need to run Microsoft products past the end of support.

The ESU will be available for three years from the date of end of support, and most components last until January 2023. The customers are required to purchase the ESU updates to receive all security updates post the end of support. The ESU updates will not include design change requests, or new features. Given Pakistan's rather basic ATM infrastructure, any requirements beyond critical security update, may be considered additional. The central bank's compliance department would do well to ensure all banks have at least already opted for the ESU updates, if not the more-recommended switch to Windows 10.

Copyright Business Recorder, 2020

Comments

Comments are closed for this article.