Finland, like its Scandinavian peers, is among the world’s most cashless economies. But according to the central banker, now is not a good time to give up on cash.
Households in Finland should make sure they have some cash on hand, just in case the country’s payments system were to go down, warns Päivi Heikkinen, the Head of the Payment Systems Department and Chief Cashier at the Bank of Finland. In an interview with the national broadcaster MTV3 on Tuesday, Heikkinen said (machine translated) her intention was not to ”fabricate catastrophic scenarios.” That was before saying that in the worst case scenario, the payments system could go down for a period of weeks.
“I don’t want to paint devils on the wall,” she said, “but now we are talking about more serious disruption than what has been brought up in the past.”
Since applying to join NATO in July this year, Finland has allegedly been the target of a number of cyber attacks, including a Denial-of-Service (DoS) attack that targeted the Finnish Parliament on August 9, 2022, temporarily disabling the organization’s website. Since then, the State has begun awarding grants of up to €100,000 to companies, large and small to help them bolster their cyber security.
Although Finland has not yet joined NATO, its foreign minister Pekka Haavisto recently said it would still receive help from its NATO partners in the event of direct threat, even before full membership. Now, a senior official of that country’s central bank is warning of a possible cyber attack against the payments system that could disrupt the system for over a week, and is urging people to have some cash savings at home just in case.
Not a Good Time to Give Up Cash
The irony is that Finland, like its Scandinavian peers, is among the world’s most cashless economies. According to the Bank of Finland, it is on track to become completely cashless by 2030. A survey conducted last year by the central bank found that only 7% of people use cash when making purchases. Ninety percent of the survey’s respondents said they pay for their groceries with a card or mobile payment app.
However, Heikkinen says that now is not a good time to give up cash completely, given the rising risk of attacks against Finnish infrastructure, including its payments system:
“More payment methods bring resilience. If a single payment method sometimes does not work, then we have other payment methods at our disposal. Cash still plays a very important role here.”
One of the oft-overlooked drawbacks of increasingly cashless economies is their inherent fragility. Readers may recall from an article I wrote in June that a widely used payment card terminal in Germany, the H5000, suffered a software glitch, forcing many retailers in the country to display “CASH ONLY” signs on their windows. As I noted in the article, Germans, like their Austrian cousins, have a lingering soft spot for physical lucre. Whereas cash accounts for only about 12% of all payment transactions in Finland, in Germany it accounts for more than 60%. This meant that when the payment outage hit, German consumers and retailers had a fail-safe option to fall back upon.
This is one of the beauties of cash: it is resilient. It won’t fail in a power cut or seize up during a cyber attack (although, of course, ATMs might). That was the lesson offered by Puerto Rico’s harrowing brush with Hurricane Maria in 2017. After the category-four hurricane took out the island’s power grid for weeks on end, the island essentially became a de facto cash-only economy, dependent on airlifts of undisclosed cargoes of cash from the Federal Reserve.
Any society that runs purely on digital platforms operated by large financial institutions “is going to have major resiliency problems,” notes Brett Scott, author of Cloudmoney: Cash, Cards, Crypto and the War for our Wallets.
That inherent systemic fragility is one of the reasons why the Bank of Finland has recommended that the use of cash payments be guaranteed by law. In March, the bank initiated a proposal for legislation to ensure a minimal level of cash-paid services.
It also seems that many Finns are already taking the risk of disruption to the country’s digital payments system seriously. According to a study commissioned by Nosto ATMs in April, more than a third of people had already withdrawn or were planning to withdraw extra cash due to the proxy war in Ukraine between neighboring Russia and NATO. That was before Finland applied for NATO membership.
Meanwhile, Down Under…
Finland was not the only US-NATO aligned country to warn this week of the heightened risk of disruptive cyber attacks against financial institutions. In Australia Wayne Byres, the outgoing chairman of the Prudential Regulation Authority, said a cyber attack on one of the nation’s financial institutions is all but guaranteed:
Financial institutions, at least in a broader context, are quite advanced [in cybersecurity], but what we also know is that, at some point, some sort of event will happen. It doesn’t matter what sort of defences you put in place…
Unlike many risks that financial institutions deal with, you’ve got an active adversary that is constantly trying to defeat your improved defences… It’s high on the priority of all boards of all executive teams; there’s a huge amount being put into investment in improving defences, improving detection capabilities, and improving response capacity.
Bryes was giving testimony on Tuesday to a parliamentary inquiry convened to investigate a recent cyber attack against Optus, Australia’s second largest telecommunications provider. Said attack took place on Sept. 22 and resulted in a breach of the personal data of 10 million current and former Optus customers. That data included customers’ names, dates of birth, phone numbers and email addresses, while a smaller subset of customers had their street addresses, driving licence details, medicare and passport numbers leaked. Some of those customers are now falling prey to scammers.
Australia’s banks have been plagued by a slew of IT outages over the past few years. In fact, on Wednesday, just a day after Bryes’ warning, Australia’s Osko payments system suffered an internal system engineering issue. Developed by a consortium of 13 financial institutions, including the Reserve Bank of Australia, Osko provides for almost-instant, around-the-clock settlement of transactions between banks. But when the system went down on Wednesday evening, the result was a four-hour industry-wide bank payment transfer outage that left customers in the lurch.
Brad Kelly, the managing director of consultancy firm Payment Services described the outage as a “whopper”, adding it should give the industry pause about the push towards the NPP and away from traditional services like direct debit or Bpay:
“Unfortunately, NPP falls over, you can see what happens – there’s no fallback. So that’s what we’re dealing with today.”
In its latest Financial Stability Review, published last week, the Reserve Bank of Australia noted that the recent Optus data breach had demonstrated the threat cyber crime poses to Australian businesses and their customers. In its previous review, in April, the central bank cautioned that a large-scale cyber attack “would not only create problems for the institution concerned but could also undermine confidence in the broader financial system.”
Banks and government agencies in the US have also been escalating their warnings about the threat posed by cyber attacks. In December 2021, a month after the attack on Banco de Venezuela, the JP Morgan International Council, which is chaired by Tony Blair and whose members include JPM CEO Jamie Dimon, Condoleezza Rice and Henry Kissinger, urged for closer collaboration between the government and businesses, increased intelligence sharing and stiffer cybersecurity legislation.
“Cyber is the most dangerous weapon in the world – politically, economically and militarily,” Bob Gates, the former US Defense Secretary and CIA Director, said in the report. Gates is currently vice chairman of the JPM’s International Council, which certainly has an eclectic mix of alleged war criminals sitting on it.
On February 9, just two weeks before Russia’s invasion of Ukraine, European and U.S. regulators told banks to prepare for the threat of a cyber attack from Russia. There were also fears that Russia would retaliate against its banks’ expulsion from Swift by launching cyber attacks against the Belgium-based global payments system. Neither of these have happened. In fact, as the FT reported in late September, most of the dire warnings about Russian-sponsored cyber attacks have not materialized.
In fact, most of the lenders hit hardest by cyber attacks to date have been in emerging markets such as Pakistan, Ecuador and Venezuela. Interestingly, Venezuela’s government laid the blame for the one-week IT outage suffered by Banco de Venezuela, the country’s largest bank, in September last year on the US government, which Venezuela’s vice president Delcy Rodríguez accused of launching an “intense and aggressive” cyber attack against the bank’s IT system.
On April 1 (yes, April Fool’s Day), the European Banking Authority warned of the risk of fake news triggering a run on European banks. The warning bore an eerie resemblance to a scenario featured in a 10-country simulation of a major cyberattack organized by the Israeli government in December 2021. As Reuters reported at the time, the simulated cyber attack, dubbed “Collective Strength”, took place over 10 days, “with sensitive data emerging on the Dark Web along with fake news reports that ultimately caused chaos in global markets and a run on banks”:
The simulation featured several types of attacks that impacted global foreign exchange and bond markets, liquidity, integrity of data and transactions between importers and exporters.
“These events are creating havoc in the financial markets,” said a narrator of a film shown to the participants as part of the simulation and seen by Reuters.
Participants in the Collective Strength simulation included treasury officials from Israel, the US, the UK, Austria, Switzerland, Germany, Italy, the Netherlands, the United Arab Emirates and Thailand, as well as representatives of the IMF, the World Bank and the Bank of International Settlements, the central bank of central banks. The participants discussed a range of responses to the simulated crisis, including a coordinated bank holiday, debt repayment grace periods, SWAP/REPO agreements and coordinated delinking from major currencies.
Now, two senior banking officials have issued fresh warnings about the risk of disruption to the financial system caused by a cyber attack. One of them even urged citizens to take out cash for emergency purchases just in case the electronic payments system goes down. That, of course, does not mean it will happen. As previously noted, none of the dire warnings of a cyber attack disrupting the financial system have thankfully come to pass.
But given the provenance of one of those warnings — the director of the Payment Systems Department and Chief Cashier at the Bank of Finland — and the increasing incidence of large-scale coordinated acts of sabotage on key infrastructure in Europe, including quite probably false flag attacks, it is probably worth at least taking notice.
USPS had digital systems problems yesterday. My local PO had a sign on the door that read “No credit card payments accepted.” Don’t know if they have been cleared up yet.
I believe the “no credit card” sign is simply a direct notice to customers that USPS does not take credit cards at Post Offices, in general. Mine doesn’t.
It’s a bank card or cash only.
Our post office has taken major credit cards for many years. The biggest problem they’re having in this area is with thefts of checks from free-standing mail-boxes, including those standing right outside the post office buildings! Apparently it’s an inside job. Thieves have acquired (presumably purchased) mail box keys from postal employees. Although they have caught and jailed several people, the thefts seem to be continuing.
juno mas – I think *in general* post offices do take credit cards.
Of course, you can’t use a credit card for money order purchases, but other than that, I’ve never heard of the USPS refusing credit cards except when the payment system is down.
You’re the first person I’ve seen mention it.
That’s just what happened at my local Post Office a few weeks ago. It’s also happened a couple times since then at local grocery stores and a coffee shop.
Cash always works and doesn’t let the cc companies take a small cut of the sale price. (With small, locally owned shops making a only tiny profit margin already, every bit they don’t have to pay the cc companies per transaction is a bit they can keep on the profit side of their ledgers.)
flora – I’ve seen a large number of businesses adding a 3-4% fee to any credit card payments they accept. That covers the merchant fees and might boost their profit by a few pennies.
The danger is worse than not having access to financial systems for retail transactions. In the event that those digital systems are down that will likely be in conjunction with other systemic disruptions, including supply chains which also depend on digital financial transactions for payments. The result will be inflation from widespread shortages so one should be prepared to have much more cash stashed under the mattress than one’s usual monthly spend. 2020–2021 was just a dry run for the coming crisis.
But hard cash would be scarce – too few slips of paper chasing the goods?
While it’s mainly a nuance and has no effect on the content, Heikkinen did not actually tell people to “stash up” on cash, but reminded them that cash is an important part of the supposed 72 hour reserve every Finnish household is supposed to have.
Most of the Finns seem to think that if there’s a blackout, the stores will be closed anyway, so why bother with cash. And if a blackout or denial of service lasts over 72 hours, there will be organized food and water distribution anyway.
Even after decades of slow (neoliberal) crapification, Finns still trust “the system” to work.
Thanks PS. Even though it’s a nuance, it’s an important one. Have therefore changed “stash up” in the title to “stock up.”
I think the ‘stash up’ idea is family blogging crazy.
There is not enough physical cash, and hoarding will invite low level behavior.
Travellers, Ireland and scotland, try to stay cash.
Before you start laughing, what is needed is a trustworthy,risk balanced, well regulated means of exchange for all mutants.
The big thing is that the authorities will never warn you about upcoming problems until it is too late to take action. This was brought home to me back in 2008 here in Oz during the financial crisis. This financial bigwig went on TV to assure everybody that everything was well with the financial system and that there was no reason to panic or trying to get your money out of the banks. What he neglected to mention was that he called his wife before going on TV and told her to grab every card that they had in the house, drive down to the nearest ATMs, and then to withdraw the maximum amount of cash from each and every card as in right away.
yes, if it ever gets to a point where, one says “whew, I’m glad I stashed $10,000 under the mattress,” you’re probably going to wish that it was $10,000 worth of gasoline as you put on your “Max Mad” face for the daily walkabout.
It was not in finland,but iceland.
I could do nothing without a card and a terminal.
When I offered cash, the young women behind the bar explained that it was far easier for them, and they didn’t hold a float anyway.
Its all a bit blackout by lil louis
The nordics have been in a haste to digitize society, mostly in order to reduce various staffing costs in the finance/banking and government sectors.
Yes, it is convenient being able to sign all one’s paperwork from a phone or laptop while at one’s cabin in the middle of nowhere. But that also means that someone else can impersonate you from the other side of the globe.
I suppose I shouldn’t admit this, but I’ve been stashing away cash and coins for emergencies for some time. Personally I think it’s a good idea.
I still chuckle at the ubiquity of coin-purses the first time that I visited Germany 50-odd years ago. Not a credit card in sight. Amazing what living through a social collapse, sudden mass migration, and multi-decade occupation by hostile foreign armies will do. I’ve found that many of my Vietnamese and Korean immigrant acquaintances have had a similar affinity for cash — and for stashing-away large sacks of rice.
When the electricity goes out all those Point-of-Sale (POS) systems stop working, cash will not save you, prepping will.
going cashless and lose your sovereignty over your own money is just like going the free trade route and losing your sovereignty.
what could possible go wrong:)