On 8 April 2014, Microsoft will cease to issue updates and security patches for bugs in Windows XP.  As a result, companies which use Windows XP after this date may no longer be compliant with the Payment Card Industry Data Security Standard (PCI DSS).

The Federal Financial Institutions Examination Council (FFIEC) has highlighted that financial institutions and technology service providers will need to “address the risk from the continued use of XP” beyond 8 April 2014. Companies that provide services such as payment processing must adopt alternative measures to ensure that their systems handling customer credit card information remain PCI DSS compliant.

Additionally, companies which engage service providers in this area should ensure that the company they are engaging is fully compliant with the requirements and provisions should be included in the service agreement to ensure that the service provider has an on-going obligation to remain compliant with the relevant industry standard.

Contributed by Leo Moore.

Twitter:  #PCIDSS  #WindowsXP

Back to Legal News