|
“Major IT Outages Ground Flights, Hits Banks and Businesses Worldwide” – Wall Street Journal July 19, 2024
As everyone learned, and many experienced first-hand, last week a flawed update from the cybersecurity software firm Crowdstrike disrupted operations at companies of all kinds throughout much of the world.
The incident makes clear the vulnerabilities we face, especially when one service provider is set up as a potential single point of failure.
What lessons will we learn from this?
The best lesson is to make sure there isn’t a single point of failure. Instead, there should be backup systems so that operations can continue even if a service provider is hit.
How do you do that? Well, we’ve done it on debit cards. Because of the Durbin Amendment, we have at least two networks today on every debit card.
If one debit network goes down for any reason, the other network can be used to keep business moving.
Payment card networks go down a lot more than you might think. Over the last few years, card network outages or disruptions have been reported as affecting some segment of U.S. card transactions on the following dates:
- June 20, 2024: Visa network
- April 15, 2024: Mastercard network
- February 28, 2024: Visa network
- February 17, 2024: Visa network
- January 3, 2024: Interlink (Visa debit) network
- June 21, 2023: Maestro (Mastercard debit) network
- March 22, 2023: Maestro network
- September 9, 2022: Maestro network
- May 2, 2022: Interlink (Visa debit) network
- March 21, 2022: Maestro network
One common theme during all of these outages and disruptions? Debit cards still worked because they had a second network that could be used.
- Unfortunately, credit cards have a single point of failure with only one network option on each card. This means that when that one network experiences an outage, those credit cards are inoperable for a period of time. In a world where transactions by credit card are growing, this leaves our payments system especially vulnerable.
- The Credit Card Competition Act would improve on that security weakness by ensuring major bank credit cards always have at least one backup network.
This has worked well on debit cards—so much so that debit network competitors to Visa and Mastercard have had falling fraud rates over the past two years as reported on by the Federal Reserve (at the same time Visa and Mastercard’s debit fraud rates have kept going up), and the competitors’ fraud rates per transaction are now one-eighth of the Visa/MC fraud rates.
- See it here at Table 10 page 36, compared to the previous Fed report in Table 10 at this link.
Having a second network on credit cards would improve cybersecurity on those cards. A backup, and competition to make security better, will help protect us all.
|
