This article is brought to you by
Retail Technology Review:
German card payments catastrophe and what this means for the UK retailers – insights from Computop.
German retailers and merchants were hit hard last week due to the German card payment catastrophe which saw the failure of thousands of Verifone H5000 terminals.
With Verifone H5000 being a major terminal of choice in the UK, Ralf Gladis, CEO and Co-Founder of global payment service provider Computop, shares some key insights into how this happened and, importantly, why UK retailers and merchants should be on the alert:
What does an outage of this magnitude mean for retailers?
The simultaneous failure of thousands of Verifone terminals throughout Germany should raise alarm for retailers and merchants in the UK. There is a very real risk of a failure like this affecting other markets and the impact to business is not only in terms of loss of sales for retailers, but also high effort and costs. Although all customers could also pay cash, the outage catches everyone unprepared, and who still has enough cash in their wallet to pay for the week’s shopping?
Many customers will shop one door away at the competition when they see the sign “No card payment possible”. Then there are discussions with customers who want to use their loyalty cards. Last but not least, the effort to update or replace thousands of terminals is very high – and the additional cash logistics create costs for more secure cash transports and more change.
What is the technical procedure for repairing a malfunction of this magnitude, what are the differences between the various software concepts of card terminals?
Verifone has not yet disclosed all the details. But we know through Payone that it is supposed to be a problem with digital certificates. Such certificates are used to authenticate and encrypt communication. If the certificates are invalid or expired, the terminals cannot establish communication and make a payment. One solution is remote maintenance: each individual H5000 terminal receives a software update with valid certificates.
However, remote maintenance only works via a communication connection. Anyone who has switched off or restarted their terminal cannot establish a new connection and will not receive an update from the cloud. Then the device would probably have to be replaced or the update would have to be installed manually. A huge effort. If the terminal still has an open connection to the payment provider, a new connection does not need to be established. Then an update would be possible.
The use of digital certificates is not without alternative. Certificates, which always have an expiry date, can be dispensed with if the payment provider protects the communication with point-to-point encryption, for example. For this purpose, there is the PCI P2PE standard (point-to-point encryption), which we use at Computop. P2PE is much more secure than digital certificates, but many payment providers shy away from the effort required for P2PE. Retailers should re-evaluate this in the future.
Another difference: the Verifone H5000 is a so-called stand alone or fat terminal that has all its software in the device. Therefore, every H5000 terminal now needs an update. The alternative to this is so-called thin clients, which use a large part of the software in the cloud. Then not every terminal needs an update, but it is usually enough to update the cloud software.
What is the position of card readers in the market and how will it change in the course of further digitalisation?
The H5000 from Verifone was very cheap and is therefore widely used. However, the terminal is old and support has often expired. The fact that so many old devices are still on the market has to do with cost savings at retailers. The devices still work and have therefore simply been used for longer. It was also not to be expected that the devices would simply stop working, because a programmed end of life of hardware is forbidden in Europe. From an ecological point of view, the long operation is correct; from a risk point of view, it would have been better to replace them from today’s perspective.
What is the strategy of retail companies that are currently replacing their terminal fleets?
Those who are replacing their terminals today are also thinking about omnichannel and the appropriate payment methods. It is important to meet the customers’ expectations. Can the terminal also carry out QR code payments? Are vouchers and bonus cards integrated? And if this is already being considered, the question arises as to whether the customer has to go to the checkout at all.
At EuroCIS, Computop will be showing smartphone apps, for example, that allow sales staff to accept payments securely on the smartphone so that the customer does not have to queue at the checkout. In addition, self-checkout and in-app payments are a big topic, because retailers must always be where the customer is.