Stay tuned with CashEssentials news ! - beyond payments
By subscribing, you accept our Privacy Policy.

Uruguay: Card Payments Crash Following IT Outage

Categories : Cash and Crises, Cash does not require a technology infrastructure, Cash generates security, Cash is a contingency and fall-back solution, Cash is trust, Cash protects privacy and anonymity
October 31, 2023
Tags : Contingency, Cyber-attack, payment fraud, Uruguay
On 6 October, POS terminals suffered an outage, leaving thousands of merchants unable to process card transactions. It is unclear whether this is due to a technical glitch or a cyber-attack.
Guillaume Lepecq

Chair, CashEssentials

This post is also available in: Spanish

On October 6, McDonald’s Uruguay reported that point-of-sale (POS) terminals were out of service. Other retailers followed. A technical problem affected the US-based card processor Fiserv network, which acquired the domestic Geocom POS network earlier this year, leaving tens of thousands of merchants unable to accept card payments and facing significant economic losses.

According to ICN, the outage affected Visa cards but not Mastercard ones. A cashier attempted to process a transaction in one store, and the POS terminal spat out the entire paper roll.

Outage or Cyberattack?

In the first instance, Fiserv informed its clients that it had suffered an “operational event” that made the terminals inactive and unable to process card transactions.

On October 17, El País cited sources from the financial sector stating the company suffered a cyberattack, which affected its operations. According to El País, the outage was due to a case of ransomware, whereby cybercriminals penetrate a network to hijack data or interrupt operations and demand a ransom – often settled in cryptocurrency – to restore the affected systems or return the data. In this case, the ransomware attack led to an encryption of the system, but no data leak has been reported.

According to an email sent to customers by the company, the processor is hiring an independent expert to conduct an exhaustive investigation of the situation to issue a detailed report of what happened. The Association of Private Banks expressed “concern” about the situation and stated they are “monitoring it closely, reports El País.

The Central Bank of Uruguay (BCU) stated that “it was aware of the situation and is carrying out the corresponding monitoring in accordance with the provisions of current regulations.” “Like any process of these characteristics, it is confidential,” responded the BCU to Montevideo Portal.

The news outlet adds that customers saw their credit cards blocked due to attempted fraud. Different banks declined to comment on the matter.

The Ripple Effect of Cyberattacks

According to Payments Dive, Fiserv has fallen victim to a cyberattack in late May. On October 6, the same day as the outage in Uruguay – the processor notified one of its customers, US-based Flagstar Bank, of a cyber-attack that involved unauthorised access to the bank’s customer information.  About 837,390 Flagstar customers were affected by the breach, according to the bank’s October 5 filing with the Maine attorney general’s office. “Ransomware group Clop claimed responsibility for the May attack, which has impacted more than 2,100 organizations and exposed the data of 62 million people,» writes Payments Dive.

Lloyd’s, the London-based insurance and reinsurance company, has warned that a major cyber-attack on the global payments system could cost the world economy $3.5 trillion.

The ripple effects of cyber-attacks illustrate the vulnerability and interconnectedness of the modern payment ecosystems. An attack on a single provider can disrupt transactions at multiple retailers, affecting millions of consumers and potentially resulting in significant economic losses.

This post is also available in: Spanish