Bitcoin Magazine

Show Menu
no pci complient

Hold on to Your Bitcoins: Why April 8th 2014 Might be a Defining Moment in Bitcoin History

Mark your calendars for April 8. It’s been a target day of dread for thousands of companies’ IT departments counting down the days before they cross the “finished” line. There are currently armies of IT folks throughout the world in a race to upgrade Microsoft Windows XP operating systems to modern versions of Windows before Microsoft officially pulls the plug. Windows XP is now a 13 year old operating system released only a month before the 9/11 attacks. This was arguably Microsoft’s most popular and longest lasting trusted version of Windows they’ve published. It is so popular that even though they stopped selling it to the public years ago, company IT departments have been slow to migrate to new versions of Windows including Windows 7 or the unpopular Windows 8.

A recent PCWorld Magazine poll shows Windows XP still running on almost 30% of all installed PCs. This is over four times the install base of the 18 month old Windows 8. For the bitcoin community, this matters because of one extremely important factor: PCI compliance. April 8 is the last date Microsoft will publish the latest round of security fixes for Windows XP known in the IT departments as the monthly “Patch Tuesday”. The first reported vulnerability after that date means the computer is unsecured and no longer compliant with the laws established by the PCI organization that grants authority to use the credit card payment networks.

The credit card industry’s authority organization has issued rules and requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. As of April 9, any PC continuing to run Windows XP without the expensive extended Microsoft support contract will likely be considered non compliant. https://www.pcisecuritystandards.org/documents/PCI-WindowsXPV4_(1).pdf

As such, they may be barred from being allowed on the payment network. This includes ATM machines, which the organization estimates to be over 420,000 in the US alone and 95% of them are estimated to be running various versions of Windows XP underneath. This could spell the end for many merchants and ATM machines throughout the world that rely on credit cards or the payment networks under the control of the PCI organization. This message has been communicated regularly by the PCI Security Council but has been largely ignored by the retail industry until the last few months. Visa credit card has been updating its merchant banks on the various security mandates since 2007.

With no legal ability to process credit card transactions, businesses that rely on credit cards to run their operations could be in serious jeopardy. The backup plan has traditionally been cash, or written checks for the few that continue to accept them. Since the internet age, credit cards and Paypal have been the only payment options available to merchants. Many merchants have been in a state of denial about the Windows XP and PCI Compliancy predicament. Without a large IT organization to advise them, smaller companies may find this deadline comes as an unwelcome surprise.

It may be a good time to  hold on to your bitcoins, or better yet – stock up.

 

BTC: 1C6LXez44MSvsVzzuFuP4yXXeyc7Muo7i8

By

Mark has spent close to 25 years working and advising in various IT roles for government, retail and healthcare industries. He graduated with a BS in Business Management from the University of Phoenix which taught nothing about bitcoin. He's into hardware and has a thing for Indian motorcycles.

Get Top Stories Weekly

We respect your email privacy

  • a

    “Since the internet age, there has been no other e-cash system other than bitcoin for companies to use and credit and debit cards are their only option of credit cards, including PayPal.. ”

    Please rewrite this sentance Mark, it broke my brain.

    • Guest

      I wish I could. Think of the word “only” as italicized. See if that soothes your brain a tad.

      • Jason Boyko

        A credit/debit card is their only option of credit cards? This sentence confused me a bit too..

    • Sipstate

      Go get it fixed at the U of Phoenix!

      • Mark Rees

        Good points all. Working on it. ;-)

    • HLTGRP

      The word “sentance” broke my brain.

  • BITCOINER

    U R JOKE“`

  • BITCOINER

    BIG JOKE

  • aa

    Going to be as disastrous as the millennium bug was.

    • Mark Rees

      Big difference. PCI can stop your use – even if you don’t have a bug. Just the perception alone considering what happened with Target and Neiman Marcuswas a PR nightmare. $100,000 per month in possible fines, plus the brand image hit will scare enough to view bitcoin in a new light. I’ve read that PCI will give an automatic FAIL rating for any machines on Windows XP. If you doubt this, do your own research and draw your own conclusions.

  • http://en.wikipedia.org/wiki/Harlem Harlem Philanthropist

    I’m still left in shock that anyone would build an ATM machine using Windows. I am a Windows desktop user, but I use Linux exclusively for anything important on the backbend and would use it for this kind of device.

    • TopherB

      You’ve never seen an ATM with the blue screen of death on it? Always makes me laugh.

  • https://www.facebook.com/drmichaelhardy Michael Hardy

    “non compliant” rather than “noncompliant” or “non-compliant”. I’ve been seeing this a number of times lately, just as if “non” were a stand-alone word rather than a prefix. I wonder if they’ve stopped teaching prefixes.

    Interesting article, though — I hadn’t realized this problem existed. It may be too early to use bitcoins as a widespread solution, since most people who want to make payments over the internet still don’t have bitcoins to pay with.

  • http://www.manual-submissions.com/ Michiel Van Kets

    sounds a lot like the millenium scare which turned out to be total BS

    • Mark Rees

      Convince your issuing bank of that. They are the ones that get fined 5,000 to 100,000 per month for violations, until it just gets revoked. There is no negotiation involved. One the surface I agree, I thought the same thing until I dug into it. More to come.

  • HE3

    I don’t see this as being a tipping point. BTC’s just not mature enough yet.

    • Mark Rees

      Agreed. This is from the perspective of history. Perhaps one day in the future and looking back, maybe this becomes a point of reflection for when attitudes started to change. Perhaps the beginning of a paradigm shift?

  • http://www.roninsteel.com roninsteel

    sounds like a good reason to buy Mac!

  • http://www.honeybadgerofmoney.com frankenmint

    I’m holding onto as much as I can, but I don’t get how ATMs that are not longer compliant is an issue. The service provider would just update to something pci compliant that the atm vendor issues, right? This issue doesnt seem to affect merchant processors as they simply need to be pci compliant. Aren’t the current credit/debit terminals at the register already PCI compliant, I would expect them to be. I suppose i you’re talking about certain POS systems and ATMs, sure those need to be updated or perhaps upgraded.

    • Mark Rees

      Banks are feeling the pressure and are rushing to replace ATM as we speak. http://money.cnn.com/2014/03/04/technology/security/atm-windows-xp/

    • Mark Rees

      Having spent many years in retail, I am still in contact with a very large retailer (Fortune 100). They are hoping to have thousands of machines converted by October. Retail management tend to be narrowly focused on sales and IT is just a necessary evil. CEO’s tend to think in terms of next quarter earning statements, then kick can down the road for IT compliance.

  • logicboom

    So…why is this even an article, there’s no compelling evidence to suggest the shortage of PCI-compliant ATMs will inflate BTC value or even make it more common-place. There’s no regulation in place for BTC and businesses traditionally go with the path of least resistance (buy whatever Win 7 POS their vendor pieces together on April 7th)

    • Mark Rees

      This isn’t a price prediction or financial advice per say. Very few people are well versed in Point of Sale Systems, understand Microsoft Updates and Patching, know of Microsoft issued end of life for Windows XP support, and understand digital currencies. Some people might find it interesting to put all of the cogs together and divine meaning from it. Even if it is just a noteworthy date to be remembered for a pivot point 20 years from now. Hopefully you can see value in that. If re-tweets and Facebook-likes are any indication – some people do.

  • http://bitailers.com Bitailers

    Spot on regarding the scurrying around across IT depts worldwide, but I’m not sure if Bitcoin will feel the effect.

  • RK

    Hey Microsoft if you’re going to stop supporting the Windows XP operating system. Why won’t you give me the source code so I can keep it updated and safe in my own hands. Let me create my own service pack for a change.

  • Mocha Jones

    ATMs don’t generally use regular Windows XP. They use a special embedded version of XP that probably doesn’t have a lot of differences to regular XP. One difference, however, is that the embedded XP still gets security updates for another year.

    • Mark Rees

      There are a whole bunch of banks rushing to upgrade. Many do use windows CE (embedded XP), but enough obviously don’t as we learn from many sources about the rush to replace them. Here’s one more source:
      http://uk.reuters.com/article/2014/03/14/banks-atms-idUKL6N0M345C20140314

      • RobCoin

        Windows CE is NOT XPE.

        • onearmedlove

          Correct, it is the devil.

        • Mark Rees

          Yes you are correct. There are many pieces compatible with both – but they are distinct operating systems. Good catch! But the point is the same. Many ATMs do run on XP embedded, and it will be supported longer, but by the reports I’ve read, banks and owners of atms are ripping and replacing anyway. They don’t want to have to be “reactive” to an attack and plug holes after-the fact.

  • RobCoin

    ‘PCI’ and ‘legally’ don’t belong in the same sentence. PCI was crafted by an Industry Association; nothing legal or not legal about PCI compliance AT ALL.

    • Mark Rees

      At first glance you are correct – until you dig down. PCI does have the right to fine issuing banks for violation. But if banks refuse to pay the fines, it will be settled as a civil matter by expensive business lawyers in the courts under contract law. It would eventually be a legal matter.

      • RobCoin

        Not paying a fine and ending up in court has nothing to do with PCI, it’s just how the legal system works across the board regardless of industry or reason. “With no legal ability to process credit card transactions…” is clearly not meant to mean how you’ve explained it as a civil matter, it’s a FUD line…

  • HE3

    Gotta give author props for being active in the comments.

  • Davis Johnson

    Sounds like Y2K, remember that non event? I wouldn’t hold my breath on this one.

    • RobCoin

      How about the reason Y2K was a non-event was all the preparation and changes that preceded it! If nothing was being done and nothing happened, then you’d have something…

  • Mark Rees

    The hackers are likely lining up. Hackers have an entire after-market industry going and much of it legal. Here’s the story of one middle-man show keeps a confidential list of hackers and those companies and individuals they buy them. Windows XP is the Swiss cheese of operating systems.

    Learn more in this great Forbes article:
    http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/

  • Cryptognostic

    Although I’m a crypto currency advocate, I see no relationship between the action of banks to upgrade or replace their ATMs and the adoption of bitcoin as a payout or payment system. Neither banks nor the bitcoin community is ready for such a transition and, likely, won’t be for a long while. Therefore, no real relevance exists between bitcoin and traditional ATMs, except to say that there are more and more bitcoin ATMs becoming available. But, that’s another story.

    • Mark Rees

      If you read this article again, you’ll see there is no mention of bitcoin replacing atms or cash or any direct connection. But if something does go wrong, it’s bound to make a lot of people wonder what exactly that backup plan is… and in a lot of people’s minds, they might be more open to the idea of a secondary cash system. The idea is only that people might begin to change their perception of an alternative currency one day. If that’s the case maybe holding onto a few bitcoins might be worth more to you then.