What Window XP's end-of-life means to PCI Compliance
Posted April 15, 2014, 10:16 am by Chris Schramm
Chris Schramm
The day has arrived. R.I.P Windows XP. We loved you. We hated you. And now you are gone.
As of April 8, 2014, Windows XP is no longer supported and updated by Microsoft. It’s called an “end-of-life.”
Microsoft has gone on recording as saying they predict there will be a large increase in malware infections after April 8. Hackers, spammers and cyber criminals are all expected to exploit security holes.
For retail businesses that take credit cards, it is simple. If you are running Windows XP on any of your computers, you are no longer PCI Compliant. It comes down to PCI DSS Requirement 6.2, which states that you will “Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.”
This requirement comes into effect immediately. A common myth is that a retailer may have until a quarterly exam to make the change from Windows XP.
“Malicious hackers are on the bleeding edge of identifying and exploiting known vulnerabilities,” says Suraj Srinivas, Practice Manager, PCI QSA, CISM, CISA at ANX. “An unsupportable operating system is a PCI compliance violation and increases your likelihood of being compromised.”
ANX has been encouraging users for the past year to update their computers, servers and POS systems to either Windows 7 or 8.1 (which has its own problems).
And while is all seems like a hassle for a small retailer, it’s a necessity. Recently breaches to Target, Michaels, Neiman Marcus, Sally Beauty Supply and California DMV have been all over the news. If these large retailers were exploited, what chance does a small retailer have? You can start by covering the basics. Start with what is easy. While time consuming, updating your system will greatly decrease your chance of a breach.
You must be logged in to post comments.
Comments
No Comments