Microsoft software upgrade: 35 million ATM cards at risk

Microsoft Nigeria on Wednesday announced July 14, 2015 as the expiry date for its Windows Server 2003, which powers over 35 million payment cards, popularly known as Automated Teller Machine cards, currently in circulation in the country.

The development puts the over 35 million cards issued by Deposit Money Banks in the country at risk of hacking by Internet fraudsters.

The Group Director, Microsoft Cloud and Enterprise Business, Microsoft Nigeria, Mr. Yomi Alarape, who stated this at a press conference on Wednesday announcing the company’s end-of-support for the WS 2003, which has been in existence for 12 years, however, said the American company was already in discussion with Nigerian banks and other organisations using the OS over the development.

Alarape said the company was already advising Nigerian banks and discussions were currently ongoing on how the lenders would migrate to the Windows 2012 or Microsoft Cloud platform within the shortest possible time.

Alarape, who stressed that Microsoft would not postpone the July 14 expiry date, noted that the WS 2003 had exceeded its five-year normal product life cycle and an extended life cycle of five years.

He pointed out that the WS 2003 had been around for 12 years, exceeding the normal 10-year life cycle.

According to the expert, it is expedient for Nigerian banks and other affected organisations, including government agencies, to migrate as soon as possible because it takes an average of 60 to 150 days for moderately large organisation to migrate from the WS 2003 to the latest software.

“Just last year, 20 critical security updates were released by Microsoft for users of the WS 2003. There is no safe haven for Window Server 2003. There is no way we can escape the challenges. The best thing is to migrate as soon as possible,” Alarape added.

He said, “This actually provides opportunity for the banks and other companies using WS 2003 to have a rethink about the way they are doing their business because it bothers on compliance, security, costs, competiveness and other issues.”

The Chief Technology Officer, Microsoft Nigeria, Mr. Olayinka Oni, said the company had engaged with the Central bank of Nigeria and the banks in order to facilitate discussions that would help the banks to comply ahead of the July 14 deadline.

He said meetings were also going on to help governmental organisations using WS 2003 to comply with the deadline.

“We have learnt our lessons from Window XP. Stakeholders said the industry was not well sensitised enough to its expiration last year. This time, we are taking our time to engage the high-risk areas. This is why we are engaging the stakeholders and our customers,” Oni said.

Findings by correspondent revealed that none of the 20 banks in the country had migrated to the new platform barely 116 days to the expiration date.

The mobile telephone number of the Chairman, Committee of E-Banking Heads, the umbrella body of heads of electronic banking and card-related issued in banks, Mr. Tunde Kuponiyi, was switched off when our correspondent put a call through to him. A text message sent to the same number did not also deliver.

The Vice Chairman, CeBIH, Mr. Dele Adeyinka, said the banks were already in discussion with Microsoft and the CBN to facilitate their migration from WS 2003 before the July 14 deadline.

Although the WS 2003 expiration date is close, he expressed hope that all the banks would beat the deadline.

Adeyinka said banks knew the implications of non-compliance and none of them would like to take such a risk.

“Banks that issue cards are PCIDSS-certified. This certification is renewed every year. Any bank that fails to migrate will risk not getting its PCIDSS certification renewed. So, no bank will want to do that,” he said.