Windows XP has now officially reached its end of life but what does this really mean?
Short and simple: Your system will keep running, but Microsoft will no longer provide updates or patches for XP and will shut down any XP support. If your POS system is running on Windows XP, this should be concerning for you.
If you are still using Windows XP on your point of sale you should be aware that your business is at risk.
Everybody must be PCI compliant in order to accept credit cards. This is the responsibility of every business owner, and non-compliant operations may expect penalties. PCI standards were designed to increase security, but they do not eliminate the risks completely. Breaches can still occur, but if your business has followed the PCI compliance guidelines then your business is protected from fines in amounts that have the potential to ruin it immediately. If you are using Windows XP, you are now out of compliance and may be found liable. PA-DSS (part of PCI compliance) requirements define the following:
“Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.” (Source: www.pcisecuritystandards.org)
This clearly excludes any application in PA-DSS scope from being compliant.
Keeping your system secure is not a one-time task. It is an ongoing process that your anti-virus software and your operating system (OS) handle automatically by downloading and applying updates. Windows XP is no longer doing that! The bright side: Annoying reboots are no longer required. The downside: If any major malware is released at this point, you cannot expect an update for your protection.
What you should pay attention to before you upgrade.
Is your current POS software compatible?
It sounds strange, but there are still a lot of POS solutions that can only run on Windows XP. You may have to change your POS software as well.
Is your hardware compatible?
Unfortunately, Windows 7 and 8 are much more demanding when it comes to hardware requirements, but fortunately there are good alternatives to help get the most out of your old hardware. If your POS software supports it, any Linux-based OS can boost your system performance and increase security.
Stay out of scope
If you decide to upgrade your POS software or payment solution, you may consider going with an integrated, out-of-scope solution. This will increase security and make maintaining PCI compliance easier. If your POS software is out of scope of PCI compliance, then your software will no longer be a factor in determining your compliance. So, for example, if your software reaches its end of life again, this will not cause an immediate threat to your PCI compliance.
SaaS is the way to go
Software as a service is getting more and more popular for business software solutions. It guarantees you consistent and frequent updates and does not require a large investment in a solution whose lifespan you cannot predict.
EMV is coming
Eventually, you will have to face a similar situation again and this could be sooner than you think. EMV will be required by October 2015. Think ahead and upgrade to an EMV ready solution.
Have More Questions?
If you feel troubled by this change and have more questions about the situation and what changes you may need to make, please feel free to get in touch with us. We will be able to answer many of your questions, and if we can’t, we will put you in touch with the right expert who can. This is not something you want sitting on your back burner for too long! Find out what changes you should be making today!