Wednesday 6 June 2018

Resilience: Lessons from the Visa Outage












Resilience

The sudden and unexpected collapse for around four hours of the Visa card network showed how fragile modern technological society has become.

Earlier in 2018, TSB was hit with several outages, with customers unable to access online services. In 2017, a systems failure of the reservations system of British Airways left passengers stranded.

Below are some of the comments from papers reporting on the events unfolding and reflecting on the aftermath. This was not a deliberate cyberattack, but it could have been.

In December 2015, life for more than 100,000 people in Lancaster reverted to a pre-electronics era. A flood at an electricity substation resulted in a blackout over the entire city that lasted for more than 24 hours.

Suddenly people realised that, without electricity, there is no internet, no mobile phones, no contactless payment, no lifts and no petrol pumps. Although these dependencies were not difficult to see, few had thought through the implications of losing so many aspects of modern life at once.

Back in the 1970s and early1980s, most typewriters were manual, with carbon paper. Electric battery calculators were used by accountants to add up figures but the analysis and accounts preparation was all done using paper and pen. Shops accepted cheques, or used mechanical machines to take debit and credit card details.

A power cut was an inconvenience but not an event which would massively impinge on businesses and consumers alike. There were no cards and card readers to go wrong, most people paid for supermarket shopping or meals and drinks out by cheque or by cash. And even the copper telephone system could often continue to operate during a power cut.

In today’s world, a glitch in a computer system can have profound consequences. This was only a minor glitch, but just imagine a deliberate large scale attack on systems. They do not seem resilient enough.

Media Reports

The news broke from VisaNewsEurope:

We are currently experiencing a service disruption which is preventing some Visa transactions in Europe from being processed. We are investigating the cause and working as quickly as possible to resolve the situation. We will keep you updated.

Forbes noted that it was widespread across Europe:

Visa services have now reportedly returned back to normal after a hardware failure resulted in customers all over Europe unable to make payments using their cards for several hours yesterday.

Part of the reason why the disruption was so chaotic was the timing. It happened on a Friday, just after people were leaving work. The Daily Express noted:

The crash affected millions of people across Europe, as Visa’s systems processed £1 in £3 of all UK spending. The crash happened just as millions of Brits across the country were finishing work at 5pm on Friday, stopping customers from buying food and clothing, or paying for food and drink at restaurants or pubs.

Meanwhile the Guardian had an on-the-spot report:

Guardian Money’s Miles Brignall has just returned from the Morrisons supermarket in Letchworth. It’s cash only signs up. Plenty of shoppers have abandoned their baskets. Others are queuing up outside the ATMs outside the building.

Guy Anker, the deputy editor of consumer website MoneySavingExpert.com noted that:

After TSB’s IT meltdown, this is yet another big banking or payment systems problem for people to have to deal with. It’s simply not good enough in this day and age when we rely so heavily on technology to conduct what are pretty basic things such as buying a drink or a meal.

Reflecting on lessons learnt, Forbes commented:

Is Europe ready to become completely cashless? In a hypothetical situation, if MasterCard services also suffered an outage and there was no cash available anymore, we would struggle to make payments, if cryptocurrencies were also not an option.

With the words 'we don't take cash' being heard more and more in Europe as technology advances, with an average of 80 percent of customers already paying with cards, shops believe that the next logical step was to not accept cash altogether.

This was apparently just an accident. As CNET reported:

A Visa spokesperson tells CNET the issue was due to a hardware failure. "We have no reason to believe this was associated with any unauthorized access or malicious event," the company added.

And the Financial Times gave some statistics:

The difficulties highlight one of the potential pitfalls of the increasing shift to a “cashless” society. Card payments accounted for 77 per cent of total UK retail sales in October 2017, according to industry body UK Finance. Some countries such as Sweden are even less reliant on cash. More than 95 per cent of debit cards in the UK run on Visa’s network.

Another post-event reflection came from Wired

Though some Visa transactions still went through, the failure appeared widespread. The Financial Times even reported that some ATMs in the United Kingdom were already out of cash within a couple of hours of the first outage reports. Some observers saw in the outage a stark reminder of the fragility of payment networks, and the weaknesses in global economic platforms.

The world's payment networks are incredibly centralized, a small number of actors control a large percent of all money flows," says Emin Gün Sirer, a distributed systems researcher at Cornell University. "This not only has implications for all of us regular people, but it also has implications for national security. These networks have implicitly become part of our critical infrastructure."

No comments: