We are finding more and more sites that are still running Windows XPThese sites are not PCI-compliant!

Sites cannot be PCI-compliant if they have any Windows XP terminals on their network at all even if these terminals are not used for the POS system.  The only version of “Windows XP” that is still compliant is POSReady 2009.  However, even POSReady 2009 does not support the current transport encryption protocols, so we do not recommend that sites use this operating system for any new terminals.  Terminals running POSReady 2009 should be “phased out” or upgraded to a newer operating system whenever possible in order to provide the most secure environment for credit card processing.

Windows XP is no longer compliant because Microsoft is no longer releasing patches for any newly discovered security vulnerabilities, so hackers will able to access these systems more easily.  If there is any system on the network running Windows XP, it could allow access to the other terminals also.

If you are running Windows XP, please contact us or your dealer during Standard Office Hours Monday through Friday to discuss the best plan to move back into compliance. 

More from the PCI Security Standards…