Over 25 million Nigerian payment cards will be prone to hacking from July 2015 when Microsoft Corporation will end its support for the Windows Server 2003 and Windows Server 2003 R2 software.
Microsoft officials told our correspondent on Monday that the decision to end support for both software was part of the corporation’s normal product support lifecycle policies.
Most of the Automatic Teller Machines in the country and other parts of the world run Microsoft software. However, a greater percentage of the ATMs of Nigerian banks run on the WS 2003 and WS 2003 R2.
From the Central Bank of Nigeria’s records released last month, Deposit Money Banks in the country lost N40bn to online frauds in 2013 alone.
According to experts, Microsoft’s decision will mean the end of updates and patches for combating security issues on the ATMs as well as loss of compliance and regulatory certifications by the banks.
It will also mean the end for support on applications and programmes for organisations, data centres and servers running the operating system after July 2015.
Financial analysts are of the view that lack of compliance poses a huge threat to local financial service providers’ partnerships with global payment platforms like Visa and MasterCard Incorporated.
Investigations showed that of the 25 million e-payment cards in circulation, 18 million were issued by Verve.
According to the Chief Executive Officer, Wragby Business Solutions and Technologies Limited, Mr. Gbenga Iluyemi, Verve, a local operator, has over the years built up strategic partnerships with MasterCard and Visa, which have consequently given birth to various co-branded cards.
Iluyemi said, “Payment cards and Automated Teller Machines in the country that run on Windows Server 2003 will be impacted from a security perspective if they are not migrated to a latest technology platform.
“Between now and 2015, it is crucial for companies to make adequate plans. They will need to migrate to Windows 2008 or Windows 2012 R2.”
He, however, said there was a need for organisations to conduct critical assessment of their respective Information Technology environments before embarking on a migration process.
“You need to do an assessment of how many servers are running on the platform. You need to understand how many apps are sitting on the server. After that, you can do a risk assessment before deciding which of the latest platforms to adopt,” Iluyemi added.
The Public Relations Lead, West Africa Anglophone, Microsoft, Mr. Oluwamuyemi Orimolade, said running WS03 after the product’s end of support date might expose the customer business to compliance and security risks.
“As the threat landscape evolves, unsupported and unpatched environments are vulnerable to security risks. As a frame of reference, 37 critical updates were released in 2013 for the WS03,” he explained.
Orimolade stated that if a company was still using the WS03, this might result in an officially recognised control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the company’s inability to maintain its systems and customer information.
“Staying put on the old platform costs more in the end. Hardware maintenance and advanced security systems will drive up costs,” he said.
Orimolade added that failing to take advantage of new technologies and application opportunities could hinder a company’s success.
Market observers are, however, of the view that the risk of businesses running applications on unsupported Windows Server 2003 platform is enormous.
They argued that old-fashioned methods of migrating machines introduce high risk to critical line-of-business applications and add no value when it comes to modernising the infrastructure, increasing security and compliance risks. [Punch]