02/02/2010 -
Some merchants may have received a letter from a POS terminal vendor saying that Microsoft will discontinue its support of the Windows 2000 operating system effective July 1, 2010, a move that would make any merchants using the OS immediately non-compliant. However, merchants should not heed this warning, as it has no basis in the PCI DSS, StorefrontBacktalk.com reported.
The payment processing news website cited the FAQ section of the PCI Security Standards Council website, which showed that operating systems are out of scope for the PCI DSS.
"Systems that use operating systems that are no longer supported with new security patches by the vendor, OEM or developer are not necessarily out of compliance. Compensating controls could address risks posed by using older operating systems," StorefrontBacktalk.com cited from the PCI SSC.
The council highlights monitoring firewall logs more frequently than required, as well as isolating and segmenting POS systems from the internet and other systems in the cardholder data environment through the use of firewalls, as possible compensating controls.
Paying attention to in-scope versus out-of-scope data can go a long way to simplify - and reduce the cost of - the payment processing security compliance process, experts advise.
