Mark your calendars for April 8. It’s been a target day of dread for thousands of companies’ IT departments counting down the days before they cross the “finished” line. There are currently armies of IT folks throughout the world in a race to upgrade Microsoft Windows XP operating systems to modern versions of Windows before Microsoft officially pulls the plug. Windows XP is now a 13 year old operating system released only a month before the 9/11 attacks. This was arguably Microsoft’s most popular and longest lasting trusted version of Windows they’ve published. It is so popular that even though they stopped selling it to the public years ago, company IT departments have been slow to migrate to new versions of Windows including Windows 7 or the unpopular Windows 8.
A recent PCWorld Magazine poll shows Windows XP still running on almost 30% of all installed PCs. This is over four times the install base of the 18 month old Windows 8. For the bitcoin community, this matters because of one extremely important factor: PCI compliance. April 8 is the last date Microsoft will publish the latest round of security fixes for Windows XP known in the IT departments as the monthly “Patch Tuesday”. The first reported vulnerability after that date means the computer is unsecured and no longer compliant with the laws established by the PCI organization that grants authority to use the credit card payment networks.
The credit card industry’s authority organization has issued rules and requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. As of April 9, any PC continuing to run Windows XP without the expensive extended Microsoft support contract will likely be considered non compliant. https://www.pcisecuritystandards.org/documents/PCI-WindowsXPV4_(1).pdf
As such, they may be barred from being allowed on the payment network. This includes ATM machines, which the organization estimates to be over 420,000 in the US alone and 95% of them are estimated to be running various versions of Windows XP underneath. This could spell the end for many merchants and ATM machines throughout the world that rely on credit cards or the payment networks under the control of the PCI organization. This message has been communicated regularly by the PCI Security Council but has been largely ignored by the retail industry until the last few months. Visa credit card has been updating its merchant banks on the various security mandates since 2007.
With no legal ability to process credit card transactions, businesses that rely on credit cards to run their operations could be in serious jeopardy. The backup plan has traditionally been cash, or written checks for the few that continue to accept them. Since the internet age, credit cards and Paypal have been the only payment options available to merchants. Many merchants have been in a state of denial about the Windows XP and PCI Compliancy predicament. Without a large IT organization to advise them, smaller companies may find this deadline comes as an unwelcome surprise.
It may be a good time to hold on to your bitcoins, or better yet – stock up.