On 8 April 2014, Microsoft ended its support for Windows XP, an operating system (O/S) software that communicates with the computer hardware and allows other programs to operate. This means that computers and ATMs using Windows XP after that date will no longer receive security updates, which expose them to harmful viruses, spyware and other malicious software as well as hacking and denial of service attacks.
Banks have reported taking specific actions to manage the operational concerns. They have adopted phased transition plans where the operating system will be gradually upgraded or replaced by 2016. For this purpose, banks entered into contracts with their ATM vendors or with Microsoft for extended support agreement to ensure continued protection while the transition plan is being carried out.
Mitigating operational controls are also being employed to render ATM systems less vulnerable to threats posed by this development. These include allowing only minimum required ATM functionality, employing private encrypted lines, and running only programs approved for implementation.
With the corrective actions implemented by banks, it can be said that ATMs in the Philippines are adequately protected from the threats posed by the end-of-support of Windows XP.
BSP shall be closely monitoring banks’ efforts relative to their transition from Windows XP environment to a more secure operating system. On-site examination will be conducted to ensure that actions taken by banks are consistent with their transition plan and are compatible with acceptable industry practices.