In the beginning, I only marginally noticed the restrictions on card payments in Germany since last week, as I was not affected when I was abroad. Who could have expected these significant problems to last so long at many big-name stores and chains?
This article in Golem was therefore my personal highlight this week. Especially the background of Borns IT- und Windows Blog is fascinating.
At the first reading it looks like a typical IT-failure that you read about every day. But a closer look leaves my jaw hanging down.
As it appears to me, some businesses and probably especially their service providers seem to have a problem with processes. If the cause is really an expired certificate due to an update that has not been installed for 5 months, then things must have pretty much gone wrong.
The widely discussed exception and extension and the EndOfLife of the device is not the problem or surprising in my view.
Without wanting to offend anyone, I am very surprised especially despite the PCI certification of the device that the processes allow updates not to be installed, are they not? Was the content of the updates (updated certificate) not clearly communicated or did no one care anymore in regards to the upcoming device replacement anyway? But there must be a system behind it, if the failure is in several large chains – or do they all have the same service provider? It is precisely these open questions that amaze me.
Maybe we are lucky that these events only led to a restriction in availability? However, I haven’t found any more detailed information and don’t want to speculate too much without sufficient detailed knowledge – especially not from a distance.
On the other hand, I think it is good that BaFin has announced to investigate the incident. I hope the results will then also become known.
Sources:
- https://www.golem.de/news/verifone-h5000-was-hinter-den-ausfaellen-der-ec-kartenterminals-steckt-2205-165742.html
- https://www.verifone.com/de/de/devices/stationaer-pin-pad/h5000
- https://www.borncity.com/blog/2022/05/27/strung-der-verifone-h5000-ec-kartenlesegerte-einige-insights-zur-zertifikateproblematik/
- https://www.borncity.com/blog/2022/05/29/strung-der-verifone-h5000-ec-kartenlesegerte-neue-infos-29-5-2022/
- https://finanz-szene.de/payments/wie-es-zum-terminal-gau-kam-und-die-unruehmliche-rolle-der-dk/
Translated with www.DeepL.com/Translator (free version)