Payment-processing outages at UK retailers raise reliability issues for cashless transactions.
Posted on in Business News
Recent payment disruptions at supermarkets and fast-food outlets have raised questions on the need for improved reliability.
Payment-processing failures at fast food restaurant McDonalds, supermarkets Tesco and Sainsbury’s, and bakery chain Greggs, highlighted retailers’ increasing reliance on third-party payment systems and the technical issues hampering a global shift from cash to digital payments.
All the affected retailers had problems with order-processing or accepting contactless payments, causing locations to close or to only accept alternative payment methods. While a problem with a software update was cited in some cases, none of the companies have revealed specific details of what occurred, nor have they reported the failure as a cybersecurity incident.
“That could be because even they don’t yet know,” Aaron Press, research director for worldwide payment strategies at IDC told CIO Magazine.
“The layers of technology that go into a payment environment are surprisingly complex,” he said in an interview. “The larger the merchant, the more complex it could be. I suspect the forensics will be done and someone will figure out where responsibility lies.”
Indeed, to fulfil card and other types of cashless payments, retailers must rely on third parties—often a lot of them, noted Narayana Pappu, CEO at Zendata, a provider of data security and privacy compliance solutions.
“There is no way around it,” he said. “Typically, there are 10 intermediaries between a consumer swiping their credit card and a merchant getting paid.”
Most of the retailers reported getting systems back up online within a business day, which is not catastrophic but still longer than usual for software-related updates, IDC’s Press noted. “The surprising thing isn’t that [an update] caused an outage, but for how long,” he said. “Usually, they are resolved very quickly.”
Moreover, the payment issues varied from being categorized as “contactless” to orders being processed online, which suggests that the problem was in one of the pieces of software that carry transactions from customer to vendor, Press said. This might indicate that the problem was with a gateway, which is “the software equivalent of the payment terminal,” though it’s impossible to say for sure, he noted.
The incidents call into question the global retail industry’s increasing reliance on cashless payments, whether they be point-of-sale, device-based, or via some type of online system, and how companies can prepare for the inevitable technology glitch, the occurrence of which is an issue of when, not if, experts said.
“The only guarantee for any computer technology is that it will fail at some point,” observed Tamir Passi, senior product manager at automated software-as-a-service (SaaS) security provider DoControl. “The opportunity here is for payment processors to differentiate themselves on resilience and fast recovery.”
And while cost will always be the primary factor in how a retailer chooses a payment processor, some companies may start factoring in service level agreements or availability metrics as priorities in future contracts, Passi said.
It’s unlikely that the adoption of card, contactless, and other digital retail transactions will slow, but it’s also unlikely that a completely cashless society will become a reality — at least, not for a long time.