Banks across the country are facing an April 8 deadline to update or further protect their ATMs before Microsoft cuts off tech support for its Windows XP operating system.
If your eyes just glazed over from all the tech-y words, let's break it down:
1. An estimated 95 percent of the ATMs in this country run on an old operating system called Windows XP. (Windows XP debuted 12 years ago, which is ancient in tech terms.)
2. Microsoft has been saying for a while that it will stop offering support to Windows XP on April 8.
3. This means that after that date, Microsoft will no longer issue security updates when it discovers a vulnerability in Windows XP.
4. Therefore, any ATMs that don't upgrade their operating systems by April 8 could be more vulnerable to hacker attacks.
"After end of support, attackers will have an advantage over defenders who continue to run Windows XP," Tim Rains, director of Microsoft's Trustworthy Computing Division, said in a blog post in October.
It's unclear just what will happen after the April 8 deadline, but some experts predict the situation could be a major liability headache for companies whose ATMs run on that system.
Rains says in that blog post that the infection rate on systems running Windows XP is likely to jump after April 8. He notes that the last version of Windows XP to go out of support, Service Pack 2, saw a jump of 66 percent in malware infections in the two years after Microsoft discontinued its support. (The current version that's about to go out of support is Windows XP Service Pack 3.)
Jason Fossen, a trainer for SANS Institute and an expert on Microsoft security, says the price of an exploitable vulnerability generally goes from $35,000 to $160,000, depending on whether it's a newly discovered vulnerability and how well it works, among other factors.
"Now, imagine you have recently discovered a new vulnerability in Windows XP," Fossen says. "If you hold off selling the vulnerability until after April 8, when Microsoft will stop releasing any new XP security patches, then that vulnerability should be useful longer (theoretically, forever) and the price should go up.
"I wouldn't be surprised to see the price of some types of XP vulnerabilities double," Fossen says. "And as the price of XP vulnerabilities goes up, this motivates hackers to work harder to find new ones."
Not many ATMs will be ready
A spokesman with NCR Corp., one of the largest ATM suppliers in the U.S., says it expects only about a third of ATM deployers to meet Microsoft's deadline for upgrading. However, others will come up with different ways to protect themselves.
For instance, JPMorgan Chase bought a one-year extension from Microsoft to continue offering updates while it works to upgrade its ATMs, according to Business Insider. Other companies are buying security packages or making other changes to boost ATM security and stay compliant with the regulations of the PCI Security Standards Council.
Waiting and watching
Consumers should know that ATMs will continue to function after the April 8 deadline, the NCR spokesman says. Plus, consumers have protections in place if their account information is attacked. (See some of Bankrate's recent blogs about this here and here.)
"There is nothing practical consumers can do about ATMs running Windows XP other than to make sure they are customers to banks which will reimburse them for any losses related to ATM hacking," Fossen says. He says banks are the ones who should be more concerned about the deadline.
"For banks with ATMs running Windows XP, the biggest risk will probably be to their reputations if an ATM hacking story hits the media," Fossen says.
Banks, consumers and others using Windows XP have known for a while that the end-of-support deadline was coming, Fossen says. However, upgrading ATMs can be a lengthy, expensive process, experts say.
Terence Devereux with Wincor Nixdorf, which provides services, hardware and software to retailers and retail banks, said in a recent webinar that even if banks "had got their act together and placed orders" for all the necessary equipment to upgrade the ATMs, "it would have been a tough bet for the ATM vendors to supply it."
The NCR spokesman says expenses could include a license for the newer Windows 7 operating system and the cost of buying, testing and distributing new software. He says that older ATMs also may require hardware upgrades or need to be replaced completely.
Have you received any communications from your bank about ATM upgrades?
Follow me on twitter: @allisonsross.