ATMs and operating systems Overview for ATMIA Africa forum

Tonbridge, England
August 2016

Today
o Windows 10 - comparison
o Windows CE
o Arising alternatives
o Industry RFI

Overview
o The ATM industry has been working diligently to deal with XP end of life. Many deployers upgraded ATMs to Windows 7 (end of mainstream support 2015, end of extended support 2020)
o Windows 10 was released in 2015 and will be supported at least through 2025
o Microsoft has stepped up in the fight with malware with new security features. This means additional hardware requirements which may not be supported by older ATMs/PCs
o ATM deployers need to evaluate which OS to use for XP upgrades, which OS to use for new ATMs and when to upgrade Windows 7 & XP when support ends

Windows OS' life cycles

Client operating systems             Latest update or service pack   End of mainstream support   End of extended support
Windows XP                           Service Pack 3                  April 14, 2009              April 8, 2014
Windows Vista                        Service Pack 2                  April 10, 2012              April 11, 2017
Windows 7 *                          Service Pack 1                  January 13, 2015            January 14, 2020
Windows 8                            Windows 8.1                     January 9, 2018             January 10, 2023
Windows 10, released in July 2015 ** N/A                             October 13, 2020            October 14, 2025

Source: Microsoft.com

System requirements - compared

                 10                  8/8.1               7                   Vista               XP Prof.
New (support)    PAE, NX, SSE2       PAE, NX, SSE2
Processor speed  1 GHz               1/2 GHz (32/64      1 GHz               1 GHz               300 MHz
                                     bit processor)
CPU              32/64 bit           32/64 bit           32/64 bit           32/64 bit
Memory           2 GB RAM            2 GB RAM            1 GB RAM            1 GB RAM            128 MB RAM
Hard disk        50 GB               16/20 GB (32/64     16/20 GB (32/64     15 GB               1.5 GB
                                     bit CPU)            bit CPU)
Graphic card     MS DirectX 9        MS DirectX 9        MS DirectX 9        MS DirectX 9        Super VGA
                 graphics device     graphics device     graphics device     graphics device
                 with WDDM driver    with WDDM driver    with WDDM driver    with WDDM driver

Annotation on the slide: Similar to 7 (not to XP)

Security (new)
• TPM 1.2+ ✓ ✓
• Secureboot (UEFI) ✓ ✓
• Device Guard* ✓

* DeviceGuard requires the 64 bit implementation, creating high impact

In comparison, a Q3 '15 delivered low-end Dell PC exceeds the above with 1TB disk, 3.7GHz clock and 6GB memory

PAE, NX, SSE2 – old features

Anecdotal evidence that some of those features are not supported by very old PCs.

• Physical Address Extension (PAE) is a memory management feature for the IA-32 architecture, first introduced in the Pentium Pro. It defines a table hierarchy of three levels, with table entries of 64 bits each instead of 32, allowing these CPUs to access a physical address space larger than 4 gigabytes (2^32 bytes).

• The NX bit, which stands for No-eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data. . . starting with Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, the NX features were implemented for the first time on the x86 architecture.

• Streaming SIMD Extensions 2 (SSE2) is one of the SIMD (Single Instruction, Multiple Data) processor supplementary instruction sets first introduced by Intel with the initial version of the Pentium 4 in 2001. Competing chip-maker AMD added support for SSE2 with the introduction of their Opteron and Athlon 64 ranges of AMD64 64-bit CPUs in 2003.

Source: Wikipedia

TPM 1.2+, SecureBoot, DeviceGuard

More "new" versions, which may already be supported by existing PCs.
o Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices . . . optional support in and later
o Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. The following versions of Windows support Secure Boot: Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 8, Windows Server 2012, and Windows RT.
o Device Guard is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. To get Device Guard working, a supported IOMMU setup must be present in the PC or device. However, AMD and Intel processors, and even certain ARM and MIPS cores, have had IOMMU protection mechanisms built-in for a while now. Intel calls its IOMMU tech VT-d; AMD prefers AMD-Vi.

Support existing base

Database/desk study
o Either you specify the components, your ATM manufacturer provides those
  • Beyond GHz and GB
o Validate for each component Windows 10 compatibility

Compatibility agent
o Try this at your own computer
o Right click on the windows icon and you are offered a compatibility check

The road to Windows 10

The options

o Compliance (as late as possible)
  • Spread out the Windows 7 cost over the longest period possible

o Gradual (roll-out during planned maintenance, e.g. W7)
  • Minimise roll-out costs & benefit from malware protection
  • W10 for Skylake ATMs

o Priority (as soon as possible to benefit from malware protection)
  • Business case for malware protection

Recommended activities deployers

[Diagram labels: Determine roll-out strategy; HW & SW readiness; Stability W10 benefits & support; Desk study]

o Every operator can analyse readiness themselves
  • Typically GHz & GBs are widely expected to be ready for W10, question mark security features
o Please familiarise yourself with W10 releases such as Threshold 2 (aka SP1) and Redstone (aka 10.1)
o Once HW & Software vendors announce their readiness date, operators can determine roll-out strategy

And now for something completely different . . .

WINDOWS CE USERS

About CE and Windows 10 IoT core
o Microsoft has announced a CE successor
  • Windows 10 IoT Core
  • No support last version (CE 2013) after 10 October 2023
o Characteristics
  • Downgraded version of Windows 10, same security features
  • App based, win32 code not supported (so CEN XFS not supported)
  • Dramatically lower hardware requirements, no end date
o Recommendations/conclusions
  • Support of CEN XFS might have given W10 IoT Core a wider appeal
  • CE users to assess your software requirements & discuss with your manufacturer

ALTERNATIVES TO WINDOWS

Alternative operating systems
o Hot spot deployment of alternative operating systems
o
  • India – low-cost/maintenance ATMs
  • Brazil – alternative
o Windows CE
  • US, Canada, UK – comprehensive retail offering
o Android
  • The young pretender

Android
o Different initiatives
  • Different market segments
  • New types (mobile initiated)
  • Proof-of-concept stage
o Big ticket items
  • Despite increasing CEN XFS endorsement, no emerging Android standards
  • Compatibility existing back-office systems and R&D

INDUSTRY RFI

Industry RFI
o Rationale
  • Need for alternatives to Windows
  • Need for proper standardisation
  • Need for products
o ATMIA subcommittee
o Input by Payment Redesign through interviews/questionnaires to deployers

[Diagram labels: PC based; Device drivers; Barcode reader; EPP; Cash dispenser; Anti-skimming; App; App; NFC included, External Required EMV external interface; Device-to-device; Tap card; IoT based]

Summary
o First vendor has announced W10 readiness
  • ATM operators are recommended to look at W10 any time soon
  • Note the complexity
o CE 2013 users to work with their suppliers to look at the impact of the 2023 support sunset
o Android in the PoC phase
o Industry RFI to drive further standardisation

Contact us

Eric de Putter www.paymentredesign.com +44 7950 449188 +31 20 808 2151
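
The desk study from the "Support existing base" slide, as an added example that is not part of the original presentation: it checks each ATM PC core against the Windows 10 column of the requirements table and reports the security features (TPM 1.2+, Secure Boot, Device Guard) separately, since those are the deck's open question. The record fields and the sample fleet are constructed for illustration.

```python
from dataclasses import dataclass

# Windows 10 column of the "System requirements - compared" slide.
MINIMA = {"cpu_ghz": 1.0, "ram_gb": 2, "disk_gb": 50}
CPU_FEATURES = {"pae", "nx", "sse2"}

@dataclass
class AtmCore:                      # hypothetical inventory record
    atm_id: str
    cpu_ghz: float
    cpu_64bit: bool
    ram_gb: float
    disk_gb: float
    cpu_flags: frozenset
    tpm_version: float = 0.0        # 0.0 means no TPM fitted
    uefi: bool = False
    iommu: bool = False             # Intel VT-d or AMD-Vi

def assess(core):
    """Return (baseline_gaps, security_gaps) for one PC core."""
    base = [name for name, low in MINIMA.items() if getattr(core, name) < low]
    base += [f.upper() for f in sorted(CPU_FEATURES - set(core.cpu_flags))]
    sec = []
    if core.tpm_version < 1.2:
        sec.append("TPM 1.2+")
    if not core.uefi:
        sec.append("Secure Boot (UEFI)")
    # Device Guard needs the 64 bit implementation and a supported IOMMU.
    if not (core.cpu_64bit and core.iommu):
        sec.append("Device Guard")
    return base, sec

def classify(core):
    """'GHz and GB' decide readiness; security gaps are flagged on top."""
    base, sec = assess(core)
    if base:
        return "not ready"
    return "ready, security gaps" if sec else "ready"

# Constructed sample fleet, not real ATM models.
FLEET = [
    AtmCore("ATM-001", 1.8, False, 1, 40, frozenset({"sse2"})),
    AtmCore("ATM-002", 2.4, True, 4, 250, frozenset({"pae", "nx", "sse2"})),
    AtmCore("ATM-003", 3.2, True, 8, 500, frozenset({"pae", "nx", "sse2"}),
            tpm_version=2.0, uefi=True, iommu=True),
]

def fleet_report(fleet=FLEET):
    return {core.atm_id: classify(core) for core in fleet}
```

A core such as ATM-002 passes on speed, memory and disk yet would run Windows 10 without TPM, Secure Boot or Device Guard, which is the case the roll-out strategy has to price in.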