As recent payment outages in Germany (and elsewhere) have shown, even proponents of a cashless economy have an interest in safeguarding the future of cash, if only for the sake of financial stability.
A few days ago, many shops in Germany had “CASH ONLY” signs displayed on their windows or at the entrance to their premises. Some establishments allowed people without cash to pay by card, but only if they provided a signature. It was as if parts of Germany’s payment system had just travelled through a wormhole back to the 1990’s, albeit with euros rather than the Deutsche Mark as the legal currency.
According to initial reports, the cause of the problems was a software glitch affecting all H5000 payment card terminals, which are widely used by German retailers including some of the largest supermarket chains. Starting on May 24 normal card payments became all but impossible for those retailers. The problems lasted for a week or so, prompting some larger retailers to replace all of their card terminals. It’s an investment that many smaller, struggling retailers can ill afford to make right now.
There are (or at least were) around 100,000 H5000 units in Germany, according to some estimates. The devices were manufactured by the US financial services provider Verifone specifically for the German market, but they are operated by eleven network operators, including Payone GmbH and Concardis GmbH.
On May 27, one of those companies, Payone, reported it was facing issues with the H5000 card terminal and that the issues were occurring throughout the country: “Like other network operators, we are currently experiencing considerable restrictions in the processing of transactions with card payment terminals of the type H5000 from the manufacturer Verifone throughout Germany.”
According to Handelsblatt, financial supervisors from Bafin and Bundesbank are already on the case. The German banking industry, which represents the interests of banks and savings banks, also announced that it would “analyze and process the disruption in depth in collaboration with the various parties involved and the supervisory authorities”. However, it also conceded that it will still take “a while” before the last H5000 terminal is replaced or updated.
The problem first came to light on May 24 when the Konsum retail chain in Dresden published the following message on its Facebook page: “Attention, an important notice for you! Due to a Germany-wide malfunction, card payments are currently not possible in our stores.”
Similar problems began to be reported by other retail chains such as Netto, Edeka, Aldi Nord, Rossman and DM as well as smaller, independent retailers and petrol stations. Initial reports suggested that H5000 card machines across Germany were experiencing a software malfunction that stopped them processing payments.
“As things stand, it will be necessary to install new software updates on all H5000 terminals, which the manufacturer will provide as soon as possible,” Payone said.
But some IT experts have pointed to a different possible cause: an expiring security certificate. The problem, it seems, is that the Verifone H5000 is a rather old albeit robust model whose so-called “End of Life” was officially announced by Verifone in 2019. The company ended its production of the terminal a year later. Although it offered limited product support until 2023, one of the embedded certificates seem to have expired unnoticed on Tuesday May 24 causing the terminals to stop working. That is the hypothesis of Jan Wildeboer, a self-described “EMEA Evengelist” at IBM-owned Red Hat who began informing the English-speaking public about the issue in a rapidly expanding Twitter thread.
Wuildeboer is a Linux expert and the H5000 was the first card terminal in Germany to run on open source software. On May 30, the Bavarian newspaper Süddeutsche Zeitung reported that a “curious detail” within the network operators’ support instructions seemed to support Wildeboer’s hypothesis (machine translated):
Usually, any tech support will immediately ask the caller, “Have you tried rebooting?” In this case, the network operators advise retailers against rebooting the terminals themselves. That fits with Wildeboer’s certification thesis. Because when you reboot, the devices check their integrity, i.e. whether they may have been manipulated by hackers. If they then lack a necessary certificate, they switch to a kind of safe mode from which only an on-the-spot technician can release them.
Who’s to Blame?
Trying to apportion blame for the payment terminal outages is not going to be easy. As the article in Süddeutsche Zeitung notes, Verifone released a software update in Verifone despite having previously stated there would be no more updates after April 2021. This suggests the developers may have realized there was a potential problem with the expiring certificate. But the update seems to have reached only a few retailers, who apparently experienced no problems with their terminals. For everyone else, the devices suddenly became unusable on May 24.
This, as the article notes, is where the question of guilt gets interesting. After all, retailers in Germany have clearly lost a certain amount of business as a result of the outage. If Verifone made a software update to avert the problem, then who is responsible for the broken devices? The retailer? Or the network operator? Or did Verifone fail to give the network operators and retailers sufficient warning about how critical the unscheduled update was?
In recent days the crisis appears to have more or less petered out, at least for the companies that have been able to replace or fix their terminals. On June 3, the newspaper Focus reported that more and more of the affected retailers can now accept credit cards and giro cards again. But the crisis still serves as a timely reminder of one of the main dangers of going completely cashless: the inherent fragility of a purely cashless economy.
At a personal level the impact of the payment outage in Germany was fairly limited, as long as you had access to cash. And just about everybody did, given that ATMs continued to work throughout the outage. In other words, there was an alternative to digital money that was widely available to all users — i.e. physical cash.
There is also something rather peculiar about Germans (as well as Austrians): they love physical money (a topic I have written on before for WOLF STREET). Even the intense demonization of cash in the early days of the COVID-19 pandemic failed to shake the German people’s faith in physical lucre, although the use of cashless payment transactions, whether by card or mobile, has grown significantly in the last two and a half years.
A recent 11-country survey by the payment companies PYMNTS and Stripe found cash and cheques are still the most common way to make in-store payments in Germany, accounting for 37% of all in-store transactions compared to 29% for card-based methods and 20% for mobile payment platforms. The study — Benchmarking the World’s Digital Transformation — found that cash is also still popular in Italy, Spain and Japan.
In many other parts of Europe, particularly in the north, cash is, to all intents and purposes, dying a natural, albeit artificially accelerated, death. For example, in France cash and cheques account for just 12.6% of in-store transactions. In the Netherlands it’s 18% and in the UK, 19%.
A Brief Foretaste
Just imagine what would happen if a similar payment card outage that just happened in Germany were to occur in Sweden, Norway, the UK or France, where far fewer people use cash. The disruptive impact would have been far greater. We already had a brief foretaste of what that might look like a few weeks ago. On Monday May 16, Norway, the world’s most cashless economy (according to its central banks), with reportedly just 4% of the population still using cash, suffered a nationwide outage of its card payment system. Card terminals went down throughout the country, leading to long queues at the ATMs.
“In a large number of shops, including grocery stores…, payment cards were useless on Monday afternoon,” reported the online newspaper Nettavisen. “Many feared that the ATMs would run out of cash as a result of the unexpected development.”
Imagine if the outage had lasted for days or weeks rather than hours, as occurred in Puerto Rico in 2017 as a result of devastation caused by Hurricane Maria. Electronic payment systems went down for weeks, turning the island into a de facto cash-only economy. So serious was the fallout that corporate clients began begging the New York Federal Reserve for large amounts of dollars in cash to meet payrolls. In the end, the Fed dispatched a jet loaded with an undisclosed amount of dollar bills to the stricken island.
Of course, there are myriad other reasons why a fully cashless society is far from desirable, including the inevitability of more granular surveillance, the loss of one of our last vestiges of personal privacy and anonymity, the exclusionary effects it will have on those who are unable to access or use digital technologies and the much greater power and control it would grant to both governments and corporations over our spending habits — and indeed potentially over our ability to spend money at all.
As Silkie Carlo, the director of the British civil liberties organization Big Brother Watch wrote in a recent op-ed for the Daily Telegraph, financial services companies have already shown a predilection for taking an interventionist approach to people’s spending:
There are now numerous examples of cancel culture driving digital wallets to be frozen – an early notable example was PayPal freezing WikiLeaks’ account in 2010. Just months ago, the Canadian government froze bank accounts of people associated with the truckers’ “Freedom Convoy”, in an effort to quell the campaign against mandatory vaccines. With digital currency, the question fast becomes not only who watches how you spend your money, nor even who controls how you spend it, but who actually owns it?
Even people who have absolutely no qualms whatsoever about the prospect of governments, central banks and corporations instituting a cashless economy as a means of grabbing a lot more power, or arguably total power, over our lives should have serious concerns about its potential implications for the stability of the financial system. As Stefan Ingves, the governor of Sweden’s central bank, the Riksbank, warned back in 2018, replacing physical cash altogether could cause serious problems in times of crisis:
“If the power supply is cut it’s no longer possible to make electronic payments. For reasons based purely in preparedness we need notes and coins that work without electricity.”
Of course, central banks themselves are exploring the possibility of introducing their own central bank digital currencies, or CBDCs, in the near future. A small number have already done so, including the People’s Bank of China, whose digital yuan is already being used in pilot schemes to stimulate consumption in its pandemic-hit economy. While it’s true that many central banks have insisted that physical cash will continue to exist alongside the CBDCs, central banks are not exactly known for keeping their word.