
Conclusions on the RedSys System Crash


On Saturday, November 18th, there was a widespread crash of payment systems and Bizum, leaving thousands of people and businesses in the country unable to operate. The reasons have not yet been disclosed, but indications point to an internal failure. The analysis of the news does not change based on the cause of the crash. Certainly, a cyberattack could cause greater concern among users of the affected banking systems, especially following such a serious incident as the one experienced by Air Europa not long ago.

Impact on Consumers

As one of the many users affected, I was in a department store when I found it impossible to complete a transaction at the checkout, even when trying with different banks. The first reaction of the staff was to suggest that the issue was with my using a mobile phone instead of a physical card. Obviously, after several attempts with both the mobile app and the physical card as suggested by the staff, and even changing checkout lanes, we left the store without completing the purchase. I share this anecdote not to express my frustration, but as a perfect example of what happens when information availability is lacking in companies, and its impact from different perspectives.

Consequences for Businesses

From the businesses’ perspective, the immediate conclusions are clear. The first is the inability to charge for products and services, as many customers, like myself, left the stores confused (or indignant, depending on the treatment received) without making a purchase. The impact of this crash has been economic, in some cases significant, but also operational. Consider the cessation of activity of workers in large stores who stopped operating at the cash registers, as well as the business processes involved in collections and payments. Lastly, there is also an underlying impact on the reputation of some companies, especially in the early moments of confusion, as customers felt poorly served or blamed the company’s systems. I cannot gauge it, but the economic impact has surely been notable.

Lessons

This also serves as an example of how services increasingly depend on third parties. In a previous article, I discussed the supply chain and how it impacts our operations, but also the responsibilities we assume. I understand that RedSys needs to provide explanations to the more than 50 banking entities it serves as an intermediary, but the supply chain is relentless and its failure has had consequences at all levels.

In short, we are facing an example of the impact of an information security incident, which surprisingly did not originate in a cyberattack (or so we understand at this time). The loss of information availability also has serious consequences in many cases, impacting the economy, operations, and reputation of companies, testing their ability to withstand a security event and successfully recover from it. Therefore, let’s prepare our companies for possible events that occur at our suppliers and may impact us, reviewing the responsibility each one holds in these situations. Lastly, and no less important, we must communicate very well with customers and interested parties to avoid confusion, and convey calm and security.


Author

Compliance advisor in Information Technology and Communication (ICT), with a background in Law and international certifications such as Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). He has specialized in standards such as ISO 27001, ISO 22301, and the National Security Framework, as well as risk management.