It’s like a Happy Halloween turning into a Nightmare on Elm Street. The sunset notice for Windows XP has restaurants running scared and scrambling to upgrade to Windows 7.
On April 8, 2014, support for Windows XP will end. Given the short notice, is it time to panic? While there is reason to be concerned, there are other options if you decide not to upgrade and disrupt your business during the busy holiday season.
The first is to contact your POS provider and schedule the upgrade for the XP operating system. I’m sure your POS vendor is swamped with requests, so now would be the time to get on their implementation calendar.
The second option is to look at utilizing point-to-point encryption (P2PE) to give you more time to work through the best option for your circumstances. Not only would this option give you more time to develop your upgrade strategy, but you could also gain the benefits of potential PCI scope reduction and significant compliance cost savings.
Is Utilizing P2PE a Silver Bullet Option for XP?
It could be. Even in the event of a security breach, if you’re encrypting card data at the read head, that is outside of any operations of the XP operating system, so you would not be exposed. Merchant Link has clients today that have taken this approach and their QSA has told them that removing sensitive data from their systems in this way takes the XP issue out of the equation. As with all things PCI, please consult with your QSA, and if you have any questions about utilizing point-to-point encryption on your XP-based POS systems, let us know.
Dealing with this XP issue can feel like you’re being chased by Freddy Krueger, but in this case it may truly just be a bad dream.
.
