Software 'Armageddon' Could Expose ATMs to Hackers

A looming software change may leave some ATMs vulnerable to hackers.

March 18, 2014 -- Be on the lookout for any suspicious activity in your bank accounts starting early next month, a software expert recommends. That's because on April 8 Microsoft will cease to offer tech support for Windows XP, the system used by 95 percent of the world's ATMs.

In the U.S., says Scott Kinka, chief technology officer for Evolve IP, a provider of such cloud-based services as virtual servers, virtual desktops and disaster recovery, some 200,000 ATMs rely on Windows XP. He calls April 8--the day Microsoft stops supporting the software—an "XP Armageddon."

Microsoft plans to bring office software to the iPad

Only 15 percent of financial institutions, says Kinka, are expected to have compensated for the loss of support before the deadline. One reason, he tells ABC News, is the sheer magnitude and expense of switching over to different software. While new ATMs can be updated remotely, "over the wire," older machines require a physical visit by a technician who makes a hands-on upgrade.

Machines whose software is not updated will become more vulnerable to hackers, he says.

Jeffrey Dudash of NCR, the nation's largest ATM manufacturer, insists the hacking threat has been exaggerated. Asked how big a problem the software switch may be for consumers, he tells ABC News: "The word 'problem' is problematic."

For starters, he points out, consumers accounts are FDIC insured; so, even if a hacker sought to exploit the opportunity, the ordinary small depositor would not lose a cent. If anybody needs to be worried, it's banks. The reason, he says, is that once Microsoft stops its support for XP, any potential liability for fraud shifts from Microsoft to "the ATM deployer"—i.e., the banks. "If you're still running XP, you're liable for fraud," he says. Most institutions, he contends, already have plans in place for maintaining security. "We anticipate that one-third of institutions will meet the deadline."

BofA unveils live chat ATMs

For whom does the coming switch represent an opportunity? For Microsoft, both experts agree, since some banks are making individual arrangements with Microsoft to continue providing customized XP service. Beyond that, both say that Windows 7 is the logical and likely successor software for ATMs to use, once they quit XP.

Consumers, says Dudash, would benefit from banks' software upgrade, since ATMs could then offer an interface more like the one consumers now have with their cell phones and mobile devices. Physical buttons could be eliminated from the terminal. The ATM could offer scrolling and more touch features.

Gang steals cash-filled ATMs in brazen heist

Kinka doesn't disagree. The coming deadline is an "Armageddon" only for banks, he clarifies, not consumers. For banks it's a big expense and a pain in the neck. But consumers don't need to stay awake nights worrying they'll lose their money.

"Consumers don't need to make a run on the bank," says Kinka. "They don't need to be taking out their savings and burying cash in the backyard."

Yes, he says, they should keep a watchful eye for any suspicious activity in their accounts after the changeover. They probably should be, he says, a little more diligent that normal. But apart from that, they can sleep soundly.