About 35 million Automated Teller Machine (ATM) cards currently in circulation in the country will be at risk of hacking by Internet fraudsters when Microsoft’s Windows Server 2003 Operating System expires on July 14, 2015.
Microsoft had announced an extension of the expiry date for its Windows Server 2003 Operating System, which powers the ATM cards issued by banks in the country from July 13 2010 to July 14, 2015.
At a press conference on Wednesday, tKabelo Makwane, managing director and country manager, Microsoft Nigeria, disclosed that Microsoft was already discussing with Nigerian banks and other organisations using the Windows Server 2003 over the development.
“We will formally end support for Microsoft Windows Server 2003 on July 14, 2015. We will no longer provide security updates, technical updates and patches for the Windows Server 2003,” Makwane said, adding that talks were ongoing with payment card companies like Visa and MasterCard, which own the ATM cards.
Advertisement
According to Yomi Alarape, group director, cloud and enterprise unit, Microsoft Nigeria, it is important for banks and other affected organisations to migrate as soon as possible, as it takes an average of 60 to 150 days for moderately large organisations to migrate from the WS 2003 to the latest operating systems.
“Just last year, 20 critical security updates were released by Microsoft for users of the WS 2003 operating system. There is no safe haven for Window Server 2003. There is no way we can escape the challenges. The best thing is to migrate as soon as possible,” he said.
“Banks that deal with ATM cards issued by Visa and MasterCard may not be compliant with the Pillar 6.2 of the PCIDSS. Also, in terms of competiveness, they may not be able to progress much.
Advertisement
“This actually provides opportunity for the banks and other companies using WS 2003 to have a rethink about the way they are doing their business because it bothers on compliance, security, costs, competiveness and other issues.”
Apart from the risks of being hit by hackers, banks that failed to migrate before the expiry of the server run the risk of being fined by the Payment Card Industry Data Security Standards, the global body that regulates banks and other companies that deal with payment cards and will not get its security certification renewed.
Add a comment