See our static Obsolescence page for the latest news and updates.
Long before “Software as a Service” (SAAS) became popular, Smyth has taken the approach of maintaining our software so the end user can adopt new technologies as they evolve. We have clients who last purchased our then current software over 30 years ago; but by just paying for on-going support they are running on the most modern version of Merchant Plus! software. While some companies rely on planned obsolescence, we plan for obsolescence.
A significant portion of our clients’ support plan is invested in assuring that the rapidly changing platforms and technologies can be supported. Unfortunately, many of these third party companies seem to prefer to plan their obsolescence so the end user has to repurchase a new software license every few years (Microsoft, Intuit, et al). It seems there is always a new product to prepare for and another product being discontinued.
For example, Microsoft only commits to supporting their software for 10 years from initial release. At that time they will discontinue security improvements or accepting incidence reports. This means that operating systems on workstations and servers need to be updated at least every decade. Click here to learn about the Microsoft Product Life cycle.
The following is a list of upcoming dates everyone needs to prepare for. For the security of every company accepting credit card transactions and to meet PCI – Data Security Standards, maintaining the most up-to-date and secure network is paramount to protect the interests of every retailer.
Approaching Microsoft Deadlines
Windows Operating Systems | Date Last Supported |
Windows XP | 4/8/2014 |
Windows Server 2003 | 7/14/2015 |
Windows 7 | 1/14/2020 |
Windows Server 2008 | 1/14/2020 |
Windows SQL Server | Date Last Supported |
SQL Server 2000 | 4/6/2013 |
SQL Server 2005 | 4/12/2016 |
SQL Server 2008/2008 R2 | 7/9/2019 |
The good news about the Server Operating systems is that there is a significant benefit to upgrading to Windows Server 2008 and SQL 2008 R2 – performance. These newer operating systems offer a substantial benefit in being able to utilize increasingly more powerful and relatively less expensive hardware technologies like multiple core processors and the ability to utilize much more RAM memory for processing.
PCI Data Security Standards
The newest Point to Point Encryption (P2Pe) technology has provided our clients with additional security for processing bankcards. Cardholder data no longer passes through the software and is therefore more secure.
It seems that just as we get ahead of the thieves we have to jump again. Here are the effective deadlines for our clients based on the hardware being used:
Card Processing Device | PCI Version | PCI Expiration Date |
Ingenico enTouch 1000 | Not Compliant | Obsolete |
Ingenico 6550 & unencrypted Mag Stripe Readers (MSRs) | Merchant Plus V4 | 4/30/2014 |
UIC 795 encrypted P2Pe | Merchant Plus V5 | 4/30/2017 |
What this means is that by March of next year the older technologies (the Ingenico and non-encrypted MSRs) should be replaced to remain PCI-DSS Compliant. The smart money is on using Point to Point Encryption with an EMV compatible device (see below). We just recently were able to procure the hardware capable of bridging the gap between our current technology and the future we expect (even if the standards aren’t confirmed).
EMV by October 2015
In addition to the PCI requirements the biggest issue on the horizon is the looming requirement to support the EMV (Europay MasterCard and Visa) standard which incorporates chip technology (a smart card) and either PIN or Signature validation. We say either, because the standard has not yet been defined, but they have defined the date for retailers to accept at least 75% of cards using the chip technology by October 2015. As of this date, the liability shifts to the retailer even if older technologies are PCI-DSS compliant.
There is a significant security benefit with chip technology as replication isn’t nearly as simple to hack as a magnetic stripe. Therefore, the card-in-hand transaction is far more secure.
If this date is enforced, it is hard to imagine a retailer being able to use EMV most of the time since the card issuers aren’t sending out cards with chips. In fact, they are already sending out MSR cards with expiration dates beyond October 2015. As far as I know, you can only get an EMV supported card upon request, for folks traveling to any other continent than North America and Antarctica. Is this date nothing more than a sneaky way to pass the liability down to the retailer? As an industry we need to start asking these questions of our bankcard companies!
Merchant Plus!
Nor are we immune to the need to deprecate older versions that can no longer be supported. And we do have several deadlines ahead.
Our next release, version 4.5, will be the last version that can run on SQL 2000, which as noted above is no longer supported by Microsoft. Merchant Plus! version 5 will include updates to allow us to adopt browser based mobile solutions. We do know that version 5 will not be available for any clients still running SQL 2000.
At Smyth Retail we constantly strive to keep your software current. Considering that a change in any hardware or software in a solution can “break” a working system and that any one change might require changes in related systems, it’s a challenge to keep up. Before adapting to the newest technology, all our partners must adopt it as well. It seems that as soon as we catch up we start all over again!
Let us help you navigate these waters. Contact Steve Geiger to discuss your upgrade options to remain current.
Fred Pylman says
Tim, Great information to know. Thanks for sharing!