By Jeffrey Green (@epaymentsguy)
Much has been said, especially in trade press, over the past year or so about Microsoft’s decision to discontinue updating its Windows XP operating system, effective April 8. In making that decision, users of ATMs and point-of-sale terminals and systems, many of which rely on XP to operate, face potential risk down the road as Microsoft no longer provides security updates to fend against the types of fraud.
Debate over whether Microsoft is making the change simply to force folks to buy newer products aside, the companyt has said it will continue providing anti-malware support for XP through July 2015. Still, ATM owners and merchants should at least now be considering their alternative options. There really isn’t a rush because thieves won’t automatically be able to hack into XP-based systems right away, but over time the built-in protections will not longer suffice.
For ATM owners, the likely options include moving to Windows 7 or Windows 8.1. Costly as that may be, especially for large-scale deployers, the choice is relatively simple. Still, some 95 percent of ATMs reportedly still run on XP, so the potential for eventual increased vulnerability is high.
It gets a bit more interesting for POS terminals and systems, including stand-alone terminals and electronic cash registers (ECRs). Merchants now have less-expensive alternatives in tablet-based systems, which already are causing a disruptive influence on traditional terminal and system providers. Indeed, Microsoft’s plans to stop upgrading security for its Windows XP operating system will leave many PC-based POS solutions and stand-alone terminals using the operating system out of compliance with the Payment Card Industry Data Security Standard.
Retailers choosing to switch to Windows 7 or Windows 8 should check first to make sure the applications they run through either operating system comply with the Payment Application Data Security Standard. Many merchants, however, are shopping around for newer types of POS solutions, including tablets that use cloud-based systems. As such, the potential for disruption in the market is quite sizable.
Some merchants will face pressure from resellers to continue using stand-alone terminals. But they should be wary of such attempts because it could mean they simply haven’t come up with a tablet-based reseller strategy. Resellers often make much of their revenue on hardware sales or leases, and with consumer-grade tablets, such Apple’s iPad or Google’s Android devices, such opportunities quickly dry up.
Tablet-based POS software available today can support so many more functions than ECRs at about the same price. Moreover, the cloud-based processing and mobility inherent with tablets makes the much more expensive PC-based systems unnecessary for some merchant types.
Many newer retailers, especially restaurants and bars, are opting to go with tablets, and they can work well with basic card readers that attach to them. But if they need more complex readers to handle the daily grind, they should pursue purpose-built tablets with built-in card readers.
Various companies offer purpose-built devices, including Clover/First Data, Micros and Leaf. Processors supporting POS software for consumer-built tablets include Apriva, Fiserv, Groupon, I Love Velvet, Intuit, PayPal, Revel Systems, ShopKeep POS, Spindle, Square and Vantiv.