Who should read this?
Merchants who use Windows devices to process payments or manage systems that could affect payment security (POS workstations, back-office PCs connected to the payment network).
What’s changing
Microsoft will stop providing security updates for Windows 10 after October 14, 2025. That doesn’t mean your computer stops working—but it does mean newly discovered vulnerabilities won’t be patched on Windows 10 unless you’re in Microsoft’s Extended Security Updates (ESU) program.
Here’s what that means in practice—especially for devices that process payments or can affect payment security (e.g., POS workstations, back-office PCs connected to the payment network):
- No more routine security fixes on standard Windows 10. New bugs and exploits discovered after Oct 14 won’t be patched for regular Windows 10 users. Unpatched systems become easier targets over time.
- ESU is a temporary bridge, not a forever plan. If you must stay on Windows 10 for a bit, ESU provides critical security updates for a limited period and typically requires an annual fee per device. It doesn’t add new features or long-term support—it just buys time to finish your upgrade.
- Vendor dependencies can cascade. Some POS, driver, and peripheral vendors align their support with Microsoft’s timelines. As Windows 10 ages, you may see fewer compatible updates from third parties (e.g., payment device drivers, printers, scanners).
- PCI angle: Patchability is the core issue. PCI DSS expects systems in—or able to influence—the cardholder data environment to be kept up to date with security patches. Once an OS is unsupported (no patches), compliance becomes harder to justify without ESU or an upgrade.
- Scope matters. If a Windows 10 device touches payments directly or sits on the same network segment, it could affect payment security, so treat it as in scope. A front-office laptop used only for marketing might be out of scope; a back-office PC that connects to POS reports likely isn’t.
- Plan the change, don’t rush it. The cleanest path is upgrading in phases to Windows 11, testing POS flows and peripherals as you go. If timelines are tight, enroll eligible devices in ESU while you complete the upgrade plan.
How to tell what you’re running
- Settings → System → About (check Windows specifications), or
- Win + R → type winver → Enter.
Your options
- Upgrade to Windows 11 on payment-related devices.
- Use ESU (Extended Security Updates) on Windows 10 as a temporary bridge if needed—then schedule the upgrade.
Quick checklist
- Make a list of devices that process or can influence payments.
- Note each device’s Windows version and role.
- Decide: upgrade now or ESU then upgrade.
- Test peripherals (readers, printers, POS) before wide rollout.
- Document your plan and dates for your next SAQ/assessment.
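The first checklist items (list the devices, note each one's Windows version and role, decide on a path) can be scripted. The PowerShell below is an added example, not part of the original guidance or any vendor tooling. The device names, roles, scope flags and output file name are constructed placeholders, and it assumes remote CIM/WinRM queries are allowed from the PC you run it on.

```powershell
# Added example. Device names, roles and scope flags are constructed placeholders:
# replace them with your own list of payment-related and other Windows devices.
$devices = @(
    [pscustomobject]@{ Name = 'POS-01';  Role = 'POS workstation';  PaymentAdjacent = $true  }
    [pscustomobject]@{ Name = 'BACK-01'; Role = 'Back-office PC';   PaymentAdjacent = $true  }
    [pscustomobject]@{ Name = 'MKT-01';  Role = 'Marketing laptop'; PaymentAdjacent = $false }
)

# Windows 11 still reports version 10.0.x, so classify by build number instead.
function Get-ClientRelease {
    param([int]$Build, [int]$ProductType)
    if ($ProductType -ne 1) { return 'Not a client OS' }   # 1 = workstation edition
    if ($Build -ge 22000)   { return 'Windows 11' }        # Windows 11 builds start at 22000
    if ($Build -ge 10240)   { return 'Windows 10' }        # Windows 10 builds: 10240 to 19045
    return 'Older than Windows 10'
}

$inventory = foreach ($d in $devices) {
    $caption = $null; $build = $null
    try {
        # Assumption: WinRM/CIM remoting is enabled on the target device.
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $d.Name -ErrorAction Stop
        $caption = $os.Caption
        $build   = $os.BuildNumber
        $release = Get-ClientRelease -Build ([int]$build) -ProductType $os.ProductType
    } catch {
        $release = 'Unknown (unreachable)'   # keep the device in the list; do not drop it
    }

    if (-not $d.PaymentAdjacent)       { $action = 'Confirm it stays out of scope' }
    elseif ($release -eq 'Windows 11') { $action = 'None' }
    elseif ($release -eq 'Windows 10') { $action = 'Upgrade now, or ESU then upgrade' }
    else                               { $action = 'Check manually (winver)' }

    [pscustomobject]@{
        Device = $d.Name; Role = $d.Role; InScope = $d.PaymentAdjacent
        Caption = $caption; Build = $build; Release = $release; Action = $action
    }
}

$inventory | Format-Table -AutoSize
# Keep the CSV with your upgrade plan and dates for the next SAQ/assessment.
$inventory | Export-Csv -Path .\windows-inventory.csv -NoTypeInformation
```

Devices that cannot be reached stay in the report as "Unknown (unreachable)" so they are checked by hand rather than silently left off the list.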
Bottom line: Nothing breaks on October 15—but the risk and compliance burden go up for payment-adjacent Windows 10 devices. Use ESU if you need a grace period, and set clear dates to move those systems to a supported, patchable platform.