35 Million ATM Cards at Risk over End of Widow Server 2003 OS-Microsoft

Microsoft Nigeria has announced July 14, 2015 as the expiry date for its Windows Server 2003 Operating System,(OS) which powers over 35 million payment cards, popularly known as Automated Teller Machine cards (ATM), currently being used in the country.

This development according to Microsoft has put the over 35 million cards issued by Deposit Money Banks in the country at risk of hacking by Internet fraudsters.

The Managing Director and Country Manager, Microsoft Nigeria, Mr. Kabelo Makwane, stated this at a press conference while announcing the company’s end-of-support for the WS 2003 operating system, which has been in existence for 12 years.

Makwane, however, said the American company was already in discussion with Nigerian banks and other organisations using the OS over the development, adding that talks are also on with payment card companies like Visa and MasterCard, which own the cards.

“We will formally end support for Microsoft Windows Server 2003 on July 14, 2015. We will no longer provide security updates, technical updates and patches for the Windows Server 2003,” Makwane said.

The Group Director, Microsoft Cloud and Enterprise Business, Microsoft Nigeria, Mr. Yomi Alarape, said the company was already advising Nigerian banks and discussions were currently ongoing on how the lenders would migrate to the Windows 2012 or Microsoft Cloud platform within the shortest possible time.

Alarape, affirmed that Microsoft would not postpone the July 14 expiry date, adding that the WS 2003 operating system had exceeded its five-year normal product life cycle and an extended life cycle of five years.

He revealed that the operating system had been around for 12 years, exceeding the normal 10-year life cycle.

According to him, it is convenient for Nigerian banks and other affected organisations, including government agencies, to migrate as soon as possible because it takes an average of 60 to 150 days for moderately large organisation to migrate from the WS 2003 to the latest operating systems.

“Just last year, 20 critical security updates were released by Microsoft for users of the WS 2003 operating system. There is no safe haven for Window Server 2003. There is no way we can escape the challenges. The best thing is to migrate as soon as possible,” he added.

He explained that apart from the risks of being hit by hackers, the banks that failed to migrate before the July 14 date ran the risk of being fined by the Payment Card Industry Data Security Standards, the global body that regulates banks and other companies that deal with payment cards.

In his words: “Banks that deal with payment cards issued by Visa and MasterCard may not be compliant with the Pillar 6.2 of the PCIDSS. Also, in terms of competiveness, they may not be able to progress much. This actually provides opportunity for the banks and other companies using WS 2003 to have a rethink about the way they are doing their business because it bothers on compliance, security, costs, competiveness and other issues.”

The Chief Technology Officer, Microsoft Nigeria, Mr. Olayinka Oni, said the company would engage with the Central bank of Nigeria, banks and governmental organisations using WS 2003 in order to facilitate discussions that would help them to comply ahead of the July 14 deadline.

“We have learnt our lessons from Window XP. Stakeholders said the industry was not well sensitised enough to its expiration last year. This time, we are taking our time to engage the high-risk areas. This is why we are engaging the stakeholders and our customers,” Oni said.

Investigation by Daily Times revealed that none of the 20 banks in the country had migrated to the new platform 116 days to the expiration date.

picture of Managing Director and Country Manager, Microsoft Nigeria, Mr. Kabelo Makwane


About the author

Ihesiulo Grace

Leave a Comment