On 18th July 2024, a large number of Windows users found themselves caught in what’s being called the “largest IT outage in history.” Crowdstrike (NASDAQ:CRWD), an IT cyber protection firm, stumbled in an update that caused a global outage. Shares in the firm have dropped dramatically following the debacle. Days after the issue, there have been reports that some air passengers continue to struggle to reach their destinations.
Analysts at Juniper Research said that the error resulted in a multitude of issues for industries ranging from transportation to healthcare.
The analysts explained that banks and card payment systems “were among the victims of the worldwide technology outage, with many customers not being able to access their online banking.”
Fortunately, “a fix was quickly made available, although, as of writing, some devices are still experiencing issues.”
However, this story begs a larger issue. If a single error by a single technology company “can cause disruption on this level, there’s a clear need for banks and payment companies to ensure their operations are robust in future. But how can they do this?”
As stated in a blog post by Juniper, this outage is “not an isolated incident, with other recent outages in the UK affecting the POS (Point of Sale) systems used by Sainsbury’s, McDonalds, and Greggs.”
These incidents have shown the “importance of security, redundancy and alternative payment methods in the payments ecosystem.”
A seemingly small technical issue could “have a major impact on the current landscape due to its consolidation around certain vendors and technologies, therefore, other systems and alternative payment methods, alongside more robust procedures, must be considered.”
Juniper Research added that alternative payment methods “such as Open Banking could provide backup when card-based POS systems experience outages.”
Open Banking enables payments to be “made via the customer’s bank account. It is effectively a bank transfer from the consumer to the retailer.”
However, Juniper Research explained in a blog post that “in order for Open Banking to be successful in UK retail, there needs to be a certain level of investment into the infrastructure.”
Apps are needed that can facilitate the shopping experience and “checkout stage, or Open Banking via QR codes needs to be integrated in the self-service checkouts.”
The UK also has the potential to “emulate the success of A2A (Account to Account) payments seen in regions such as Latin America.”
A2A enables payments to be made “in a similar way to bank transfers; providing another viable option if POS outages occur.”
As noted in the report, these outages also show “the importance of cash remaining in the payments ecosystem and being a payment option. No matter how sophisticated digital payment methods become, there is always the potential for a myriad of issues to cause outages. A viable solution for this is having multiple payment gateways in place, so if one system goes down, there is a backup that can be used instead.”
Security is at the forefront for all companies, “especially fintechs and those in the financial industry, as breaches can cause major downtimes, as well as data and monetary loss. It is becoming more important than ever for companies to invest in more sophisticated preventative measures that incorporate the use of real-time data and AI.”
Juniper Research added that this is being “driven by increasing hack threats, and the growing impact potential outages have on day-to-day lives. Security systems must be constantly updated to ensure that they are running at an optimum level.”
However, to avoid outages, such as that caused by CrowdStrike, these updates “need to be more thoroughly tested with more gradual roll-outs to identify issues. Real-time data reporting coupled with AI will enable constant feedback, which could potentially highlight any issues that need to be dealt with instantly.”
These outages are putting further questions “towards the stability and security of the digital economy.”
There are already a number of concerns “when it comes to security within the payments landscape, such as the impact AI is having on increased fraudulent activity.”
However, Juniper Research pointed out that “events such as this can be used as learning curves to help improve the infrastructure for the future and AI can be used in order to be a preventative measure instead of just a tool for ‘bad actors.'”
As stated in a blog post by Juniper Research:
“It’s obvious that the number of monopolies in many technological industries increases our vulnerability to outages and cybercrime. The Crowdstrike incident, for instance, was so destructive on an economic, technological, and productivity level because corporate computing is an ersartz monoculture populated by Windows users and few real competitors. This may be good for efficiency and standardisation, but poses concerns on resilience if anything goes wrong.”
The update further noted:
“Within security, if there are only a handful of cybersecurity companies supplying and updating millions of corporate PCs, then there is potential for massive disruption. With so many of the world’s businesses and public services using cloud software and services provided by just a handful of IT companies, the question remains about the limited options businesses have to mitigate the associated cybersecurity and operational risks.“
For this reason, merchants and banks need to “consider having multiple payment methods and systems available in order to have a backup when a system goes down.”
Juniper Research also mentioned that it is “no longer feasible to rely on one solution, as outages can have such major impacts on businesses across multiple industries.”
Juniper Research analysts concluded that is is “also possible that, given recent events, regulators may force action in this area and mandate that payment providers operate backup systems in the event that an outage occurs.”