How the 4 companies behind every single credit card swipe prevent outages and thwart hackers from getting your data

GettyImages 1084723604
Miami Beach, Tropical Beach Cafe credit card scanner. Photo by Jeffrey Greenberg/Universal Images Group via Getty Images

  • Just 4 payment processing companies are behind each credit or debit card swipe.
  • The companies are basically huge data centers that look at billions of transactions 24/7.
  • If one of the big four processors had an outage, merchants would be the most affected.
  • See more stories on Insider’s business page.

Dozens of large businesses – from McDonald’s and Chick-fil-A, to a local DMV and car wash – couldn’t accept credit card payments one afternoon in February – creating a flurry of confusion and frustrated customers.

The problem, which only lasted a few hours, can be traced to a backend system operated by just four companies that underpins much of the payments ecosystem. Most consumers know little to nothing about it.

When customers slip their debit or credit cards into a machine at a business, a little phrase pops up: “authorizing payment.” Those two words reference an elaborate system that allows the multi-billion dollar payments processing industry to approve the charge for the customer.

It sounds simple, but each processor – the companies that handle every card payment by communicating between the merchant and customer’s respective banks – must use an elaborate system of backups to keep the consumer economy running each day, preventing an outage that would leave many merchants scrambling to not lose sales from consumers who increasingly don’t carry cash.

On top of that, they’re pounded by hacking attempts from criminals wanting to steal payment information, meaning their cybersecurity must be top notch.

But in their most simplistic form, “you can think of them as being these huge data center-based companies that are processing billions upon billions of transactions, 24/7, 365,” said Lisa Ellis, an analyst at MoffettNathanson.

On Feb. 26, when Fiserv, one of those payments processors had an internet outage, merchants across the US couldn’t take electronic transactions until the issue resolved. The company services to a majority of fast-food restaurants, which explains why Chick-fil-A, McDonald’s, and Popeye’s were some of the businesses affected that day.

Fiserv, alongside FIS, Global Payments, and JPMorgan Chase, account for about 80% to 90% of the payments processing industry in the US, according to MoffetNathanson. That means each time you swipe your card, there’s about a 90% chance one of those businesses is responsible approving the payment.

A case of an “outage,” in which many merchants can’t process card payments, is extremely rare, according to Ellis and Robert Le, an analyst at PitchBook. That’s because the processors have backups for every single part of the process.

“The IT infrastructure of any large company has a whole backup plan to it,” Ellis said. It’s “a business continuity plan that says, ‘OK what’s the redundancy that’s built in here in case something goes down?'”

Payments processors have backup internet providers and backup data centers that process payments in case one data center goes down. If a card is taking longer than normal to authorize, it might be because the payment is being routed to a data center farther away.

A spokesperson for FIS told Insider the company has heavily invested in its infrastructure “to minimize the likelihood and impact of an outage.” It regularly tests backups, like its “auto failover” that allows payments to move between data centers as needed, they said.

Global Payments didn’t respond to Insider’s request for comment, and a representative from JPMorgan Chase declined to discuss company operations and cybersecurity measures.

As for Fiserv, which had the issues in February, a company spokesperson said: “Redundancy and resiliency are built into our solutions.” That includes multiple internet service providers and data center backups across the country, they said.

In February, despite the hours-long wait many merchants had in being able to once again accept digital payments, Cave said Fiserv’s internet backups worked as intended. She added that, “the initial internet service provider outage created a secondary impact for some clients.”

A widespread, long-term outage at a payments processor is “very rare,” Le, the Pitchbook analyst, said.

So rare, in fact, that when Visa, a payments provider that works with the processors, had an outage in Europe in September 2018, people thought it might have been a terrorist attack, Ellis said. More than 5 million transactions failed over the 10-hour outage because of a rare data center malfunction, Finextra reported at the time.

“People were freaking out,” Ellis said, “because it’s so unusual.”

Though the Visa outage was a data malfunction, payments processors and others in the network must be on top of cybersecurity to prevent service problems related to a hacking. They’re “bombarded constantly with cybersecurity attacking attempts” because criminals are wanting to get payment information, Ellis said.

“Aside from military agencies and stuff like that, they’ve got to be some of the most attacked networks in the world because they contain payment information,” she said.

Read more: A ‘coiled spring’ is set to unleash massive growth for card giants like Amex, Mastercard, and Visa. Experts explain why the market will take off in 2021.

Outages, though rare, likely affect merchants the most, considering the lost sales and damage to the brand reputation with customers, according to Le.

“Consumers nowadays don’t carry any cash,” Ellis said. “So if you were in a store buying anything of a reasonable size and you couldn’t use a card, most consumers would just walk out.”

Over the years, cash has become less widely used as card payments have taken over. Card penetration, or the number of consumers using a card instead of cash, is about 60% to 70%, according to Ellis, but that varies across the country. In New York City, for example, card usage is even higher.

If there was a big outage at a payments processor in the future, it could “lead to a call to bring cash use back into the system,” Le said. But in the long-term, merchants are likely to look for support from multiple payments processors, instead of just relying on one, he said.

Large businesses in the US usually do have multiple processors, so they have a backup in case one goes down. But smaller merchants generally don’t, Ellis said.

Amid the COVID-19 pandemic, cash increasingly became a thing of the past, as merchants sought to use more contactless payments to avoid exposure to the virus. And the future of payments is likely digital, as Insider Intelligence predicts they will continue to grow from 2023 and beyond.

Read the original article on Business Insider

Robinhood is reportedly borrowing at least ‘several hundred million dollars’ from banks amid GameStop trading frenzy

robinhood gamification trading app 4x3
  • Robinhood is drawing on credit lines from its lenders, Bloomberg reported Thursday.
  • The trading app is tapping into “at least several hundred million dollars,” according to Bloomberg.
  • Robinhood is popular among the retail investors behind this week’s market frenzy involving GameStop.
  • Visit Business Insider’s homepage for more stories.

Robinhood is drawing down lines of credit to the tune of “at least several hundred million dollars,” Bloomberg reported Thursday.

The quick decision to seek additional funds from its lenders, which include JPMorgan Chase and Goldman Sachs, suggest that this week’s trading frenzy has put a strain on the company, according to Bloomberg’s Matthew Monks and Michelle Davis. 

Robinhood did not respond to a request for comment on this story.

The trading app is popular among the online community r/WallStreetBets, a group of mostly retail investors who sparked massive market swings by targeting short sellers’ positions in companies including GameStop, AMC Theaters, and Nokia.

Read more: How hedge funds are tracking Reddit posts to protect their portfolios after the Wall Street Bets crowd helped tank Melvin Capital’s short positions

The high volatility prompted Robinhood and other brokerage firms to temporarily halt trading of those shares.

In an email to users, Robinhood attributed the company’s decision to restrict trading to having to comply with financial requirements including SEC net capital obligations and clearinghouse deposits, that it said protected investors and the stock market. 

Read more: Robinhood user launches class-action suit against the trading app hours after it blocked purchases of GameStop

But the move sparked outrage from customers, the broader retail investor community, several progressive lawmakers including Reps. Alexandria Ocasio-Cortez and Ro Khanna, regulators, and even Elon Musk, a popular figure among r/WallStreetBets members.

Democrats in Congress have said they will hold at least two hearings about Wall Street’s practices following the GameStop short-squeeze.

Read more: One chart shows how 3 GameStop shareholders gained nearly $4 billion in a week

Robinhood has tapped its credit lines during periods of market volatility in the past. In March 2020, it maxed out its credit lines during wild market swings in the early stages of the COVID-19 pandemic. 

Read the original article on Business Insider