ATM cards at risk.

Microsoft Nigeria on Wednesday announced July
14, 2015 as the expiry date for its Windows
Server 2003 Operating System, which powers over
35 million payment cards, popularly known as
Automated Teller Machine cards, currently in
circulation in the country.
The development puts the over 35 million cards
issued by Deposit Money Banks in the country at
risk of hacking by Internet fraudsters.
The Managing Director and Country Manager,
Microsoft Nigeria, Mr. Kabelo Makwane, who
stated this at a press conference on Wednesday
announcing the company’s end-of-support for the
WS 2003 operating system, which has been in
existence for 12 years, however, said the
American company was already in discussion with
Nigerian banks and other organisations using the
OS over the development.
According to him, talks are also on with payment
card companies like Visa and MasterCard, which
own the cards.
“We will formally end support for Microsoft
Windows Server 2003 on July 14, 2015. We will
no longer provide security updates, technical
updates and patches for the Windows Server
2003,” Makwane said.
The Group Director, Microsoft Cloud and
Enterprise Business, Microsoft Nigeria, Mr. Yomi
Alarape, said the company was already advising
Nigerian banks and discussions were currently
ongoing on how the lenders would migrate to the
Windows 2012 or Microsoft Cloud platform within
the shortest possible time.
Alarape, who stressed that Microsoft would not
postpone the July 14 expiry date, noted that the
WS 2003 operating system had exceeded its five-
year normal product life cycle and an extended
life cycle of five years.
He pointed out that the operating system had
been around for 12 years, exceeding the normal
10-year life cycle.
According to the expert, it is expedient for
Nigerian banks and other affected organisations,
including government agencies, to migrate as
soon as possible because it takes an average of
60 to 150 days for moderately large organisation
to migrate from the WS 2003 to the latest
operating systems.
“Just last year, 20 critical security updates were
released by Microsoft for users of the WS 2003
operating system. There is no safe haven for
Window Server 2003. There is no way we can
escape the challenges. The best thing is to
migrate as soon as possible,” Alarape added.
Apart from the risks of being hit by hackers, the
expert said banks that failed to migrate before
the July 14 date ran the risk of being fined by the
Payment Card Industry Data Security Standards,
the global body that regulates banks and other
companies that deal with payment cards.
He said, “Banks that deal with payment cards
issued by Visa and MasterCard may not be
compliant with the Pillar 6.2 of the PCIDSS. Also,
in terms of competiveness, they may not be able
to progress much.
“This actually provides opportunity for the banks
and other companies using WS 2003 to have a
rethink about the way they are doing their
business because it bothers on compliance,
security, costs, competiveness and other issues.”
The Chief Technology Officer, Microsoft Nigeria,
Mr. Olayinka Oni, said the company would engage
with the Central bank of Nigeria and the banks in
order to facilitate discussions that would help the
banks to comply ahead of the July 14 deadline.
He said meetings were also going on to help
governmental organisations using WS 2003 to
comply with the deadline.
“We have learnt our lessons from Window XP.
Stakeholders said the industry was not well
sensitised enough to its expiration last year. This
time, we are taking our time to engage the high-
risk areas. This is why we are engaging the
stakeholders and our customers,” Oni said.
Findings by correspondent revealed that none of
the 20 banks in the country had migrated to the
new platform barely 116 days to the expiration
date.
The mobile telephone number of the Chairman,
Committee of E-Banking Heads, the umbrella body
of heads of electronic banking and card-related
issued in banks, Mr. Tunde Kuponiyi, was
switched off when our correspondent put a call
through to him. A text message sent to the same
number did not also deliver.
The Vice Chairman, CeBIH, Mr. Dele Adeyinka,
said the banks were already in discussion with
Microsoft and the CBN to facilitate their
migration from WS 2003 before the July 14
deadline.
Although the WS 2003 expiration date is close, he
expressed hope that all the banks would beat the
deadline.
Adeyinka said banks knew the implications of
non-compliance and none of them would like to
take such a risk.
“Banks that issue cards are PCIDSS-certified. This
certification is renewed every year. Any bank that
fails to migrate will risk not getting its PCIDSS
certification renewed. So, no bank will want to do
that,” he said.
Source: punch.com