Modern-day point of sale (POS) terminals, including self-checkout lanes and kiosks, are at their heart industrialized PCs or tablets running POS software and supporting a wide range of co-located peripherals such as touch screens, pinpads, scanners, receipt printers and cash drawers. They are subject to the same upgrade and support cycles as other computer platforms and are equally dependent on the continued support of operating system and application providers. The harsh reality? When a provider's support reaches end of life, the implications for retailers are significant.
The number of impacted devices, particularly POS terminals distributed over a large retail store estate, can result in massive upgrade costs – all to simply ensure continuity of support. This support for POS is not only fundamental to revenues, but also to the maintenance of PCI-DSS compliance. Without it, these terminals can’t access the latest updates and patches, exposing the retailer to much higher security and compliance risks.
On average, retailers are now responding to cyber-attacks twice a week due to aging in-store infrastructure, particularly across dispersed geographic locations. Considering there are upcoming POS end of support dates, such as October 2021 for POSReady 7, placing commonly used POS software out of compliance, it is no surprise that action needs to be taken. For large scale retailers with multiple POS devices, the expense of hardware replacement could run into millions. The impending end-of-support dates must be considered within a retailer’s IT investment strategy in order to avoid expensive last-minute fire drills.
Implication for Retailers
Retailers with legacy POS hardware terminals purchased prior to 2014 should closely examine which generation of processor their POS uses. If a vendor no longer supports an application or operating system, then there will be no software patches available. In this circumstance, retailers can no longer use the software and still be PCI-DSS compliant without appropriate compensating controls. Without action, this will be the situation for impacted POS systems from 2021. Given that a planned upgrade for large retailers can run for 18-to-24 months, prompt action will be required.
Questions Retailers Should Address Regarding POS End of Life
There are a number of key questions that retailers must answer to determine the impact and possible solution to this challenge:
- Which operating system is our POS running, and which processor is it running on?
  - All POS terminals with Microsoft Windows Embedded POSReady 7 (or POSReady 2009) face compliance and support challenges.
  - All POS terminals that contain Intel processors older than third generation are not supported to run Windows 10 IoT Enterprise 64-bit. A hardware upgrade may be required to facilitate a move to Windows 10.
  - All POS terminals that contain modern Intel processors from third generation onwards are not supported to run Windows 10 IoT Enterprise 32-bit. This poses a difficult conundrum for retailers with 32-bit applications as they seek to move to Windows 10.
- Is PCI-DSS compliance of key importance to our business operation?
  - The implications of compliance and non-compliance vary based on sector, geography and technology. If compliance is of paramount importance, then actions need to be taken by October 2021.
- Are there plans in place to replace POS hardware, or does our strategy require that we extend the life of current systems beyond October 2021?
  - If retailers are planning to upgrade their POS hardware in the next 3 years, then this issue will be solved; however, the hardware replacement costs could be substantial. If not, remedial action will need to be taken to extend the life of current hardware beyond October 2021.
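To answer the first question across a whole store estate, the following added example (not from the original article or from Zynstra) triages a constructed inventory export against the operating system and processor rules listed above. The CSV columns, the flag names and the model-number heuristic for Intel Core generations are assumptions; CPUs the heuristic cannot classify are flagged for manual review.

```python
import csv, io, re

# Constructed sample inventory (not real data); column names are assumptions.
INVENTORY_CSV = """terminal_id,os,cpu
LANE-01,Windows Embedded POSReady 7,Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
LANE-02,Windows Embedded POSReady 2009,Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
KIOSK-07,Windows Embedded POSReady 7,Intel(R) Core(TM) i5-4570S CPU @ 2.90GHz
LANE-11,Windows 10 IoT Enterprise,Intel(R) Core(TM) i5-6500TE CPU @ 2.30GHz
"""

# Operating systems the article names as facing compliance and support challenges.
LEGACY_OS = re.compile(r"pos\s?ready\s?(7|2009)\b", re.I)
# Intel Core model number, e.g. "i5-4570S" -> "4570" (naming-convention heuristic).
CORE_MODEL = re.compile(r"\bi[3579]-(\d{3,5})", re.I)

def core_generation(cpu_name):
    """Best-effort Intel Core generation from the model number; None if unknown."""
    m = CORE_MODEL.search(cpu_name)
    if not m:
        return None               # Celeron, Atom, Pentium, non-Intel: check by hand
    digits = m.group(1)
    if len(digits) == 3:
        return 1                  # first-generation parts used three-digit numbers
    if len(digits) == 5 or digits[0] == "1":
        return int(digits[:2])    # 10th generation and later
    return int(digits[0])

def triage(row):
    """Return the article's rules that apply to one inventory row."""
    flags = []
    if LEGACY_OS.search(row["os"]):
        flags.append("legacy_os")            # POSReady 7 / POSReady 2009
    gen = core_generation(row["cpu"])
    if gen is None:
        flags.append("cpu_unknown")          # needs manual review
    elif gen < 3:
        flags.append("no_win10_iot_64bit")   # older than third generation
    else:
        flags.append("no_win10_iot_32bit")   # third generation onwards
    return flags

def triage_inventory(text):
    return {r["terminal_id"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for terminal, flags in triage_inventory(INVENTORY_CSV).items():
        print(terminal, ", ".join(flags))
```

Terminals flagged both `legacy_os` and `no_win10_iot_64bit` are the ones where an operating system upgrade may also require a hardware upgrade.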
As end of support for various POS terminals approaches, retailers need to be prepared to answer these key questions and have a plan of action in place in order to manage a smooth transition. End of life and end of support issues can be complex, requiring an analysis of supported operating system software and the processors on which it runs. If an operating system moves out of support and an upgrade to a new operating system is required, it is not a given that the new operating system will run on existing hardware. Preparing ahead is key.
-Nick East, Co-Founder and CEO, Zynstra