Support for the opeartings syetm is due to end in April 8th 2014, which could create web security risks.
In the paper, entitled Panic? What panic? Is the industry in denial over the death of XP?, software director of Avnet Embedded, Nick Donaldson explains that the withdrawal of XP support means the end of security patches and updates, leaving many thousands of XP-based payment devices worldwide vulnerable to “zero day” hacker exploits.
These devices range from chip and PIN terminals, to EPOS tills, to toll barriers, parking machines, and many others.
“Put simply, many businesses are in denial about the dangers that these changes represent,” said Donaldson.
“The businesses that manufacture, distribute and use these payment devices and mechanisms have been lulled into a false sense of security that they can simply deploy Windows 7 or 8 to do the same job as XP – but this just isn’t true. Basically, if these businesses don’t identify workable, PCI-compliant alternatives soon, there will be widescale consequences.”
The withdrawal of support will also mean that the PCI (Payments Card Industry) organisation that oversees the security of online transactions will no longer certify these devices and payment methods and may impose fines of up to £400,000 for non-compliance.
Migration to a newer operating system is difficult because neither Windows 7 nor Windows 8 will run successfully on all the devices that XP currently supports, nor offer PCI-compliant security on them.
The full paper is available to download