CrowdStrike Outage: the Impact on Banks and Payments

July 2024

Fintech & Payments

Cara Malone

Senior Research Analyst

On 18th July 2024, a large number of Windows users found themselves caught in what's being called the "largest IT outage in history." The culprit was eventually identified as an update pushed by US cybersecurity firm CrowdStrike to its corporate clients on Friday morning; resulting in a multitude of issues for industries ranging from transportation to healthcare.

Banks and card payment systems were among the victims of the worldwide technology outage, with many customers not being able to access their online banking. Fortunately, a fix was quickly made available, although, as of writing, some devices are still experiencing issues.

However, this story begs a larger issue. If a single error by a single technology company can cause disruption on this level, there's a clear need for banks and payment companies to ensure their operations are robust in future. But how can they do this?

Increasing Outages Displaying Need for Alternative Payments

This outage is not an isolated incident, with other recent outages in the UK affecting the POS (Point of Sale) systems used by Sainsbury’s, McDonalds, and Greggs.

These incidents have shown the importance of security, redundancy and alternative payment methods in the payments ecosystem. A seemingly small technical issue could have a major impact on the current landscape due to its consolidation around certain vendors and technologies, therefore, other systems and alternative payment methods, alongside more robust procedures, must be considered.

Alternative payment methods such as Open Banking could provide backup when card-based POS systems experience outages. Open Banking enables payments to be made via the customer’s bank account. It is effectively a bank transfer from the consumer to the retailer. However, in order for Open Banking to be successful in UK retail, there needs to be a certain level of investment into the infrastructure. Apps are needed that can facilitate the shopping experience and checkout stage, or Open Banking via QR codes needs to be integrated in the self-service checkouts.

The UK also has the potential to emulate the success of A2A (Account to Account) payments seen in regions such as Latin America. A2A enables payments to be made in a similar way to bank transfers; providing another viable option if POS outages occur. These outages also show the importance of cash remaining in the payments ecosystem and being a payment option. No matter how sophisticated digital payment methods become, there is always potential for a myriad of issues to cause outages. A viable solution for this is having multiple payment gateways in place, so if one system goes down, there is a backup that can be used instead. 

Security Vital for Future Outage Prevention

Security is at the forefront for all companies, especially fintechs and those in the financial industry, as breaches can cause major downtimes, as well as data and monetary loss. It is becoming more important than ever for companies to invest in more sophisticated preventative measures that incorporate the use of real-time data and AI. This is being driven by increasing hack threats, and the growing impact potential outages have on day-to-day lives. Security systems must be constantly updated to ensure that they are running at an optimum level.

However, to avoid outages, such as that caused by CrowdStrike, these updates need to be more thoroughly tested with more gradual roll-outs to identify issues. Real-time data reporting coupled with AI will enable constant feedback, which could potentially highlight any issues that need to be dealt with instantly. 

These outages are putting further questions towards the stability and security of the digital economy. There are already a number of concerns when it comes to security within the payments landscape, such as the impact AI is having on increased fraudulent activity. However, events such as this can be used as learning curves to help improve the infrastructure for the future and AI can be used in order to be a preventative measure instead of just a tool for ‘bad actors.'

Monopolisation a Growing Concern 

It's obvious that the number of monopolies in many technological industries increases our vulnerability to outages and cybercrime. The Crowdstrike incident, for instance, was so destructive on an economic, technological, and productivity level because corporate computing is an ersartz monoculture populated by Windows users and few real competitors. This may be good for efficiency and standardisation, but poses concerns on resilience if anything goes wrong.

Within security, if there are only a handful of cybersecurity companies supplying and updating millions of corporate PCs, then there is potential for massive disruption. With so many of the world’s businesses and public services using cloud software and services provided by just a handful of IT companies, the question remains about the limited options businesses have to mitigate the associated cybersecurity and operational risks. 

For this reason, merchants and banks need to consider having multiple payment methods and systems available, in order to have a backup when a system goes down. It is no longer feasible to rely on one solution, as outages can have such major impacts on businesses across multiple industries. It's also possible that, given recent events, regulators may force action in this area and mandate that payment providers operate backup systems in the event that an outage occurs.