How the 4 companies behind every single credit card swipe prevent outages and thwart hackers from getting your data

GettyImages 1084723604
Miami Beach, Tropical Beach Cafe credit card scanner. Photo by Jeffrey Greenberg/Universal Images Group via Getty Images

  • Just 4 payment processing companies are behind each credit or debit card swipe.
  • The companies are basically huge data centers that look at billions of transactions 24/7.
  • If one of the big four processors had an outage, merchants would be the most affected.
  • See more stories on Insider’s business page.

Dozens of large businesses – from McDonald’s and Chick-fil-A, to a local DMV and car wash – couldn’t accept credit card payments one afternoon in February – creating a flurry of confusion and frustrated customers.

The problem, which only lasted a few hours, can be traced to a backend system operated by just four companies that underpins much of the payments ecosystem. Most consumers know little to nothing about it.

When customers slip their debit or credit cards into a machine at a business, a little phrase pops up: “authorizing payment.” Those two words reference an elaborate system that allows the multi-billion dollar payments processing industry to approve the charge for the customer.

It sounds simple, but each processor – the companies that handle every card payment by communicating between the merchant and customer’s respective banks – must use an elaborate system of backups to keep the consumer economy running each day, preventing an outage that would leave many merchants scrambling to not lose sales from consumers who increasingly don’t carry cash.

On top of that, they’re pounded by hacking attempts from criminals wanting to steal payment information, meaning their cybersecurity must be top notch.

But in their most simplistic form, “you can think of them as being these huge data center-based companies that are processing billions upon billions of transactions, 24/7, 365,” said Lisa Ellis, an analyst at MoffettNathanson.

On Feb. 26, when Fiserv, one of those payments processors had an internet outage, merchants across the US couldn’t take electronic transactions until the issue resolved. The company services to a majority of fast-food restaurants, which explains why Chick-fil-A, McDonald’s, and Popeye’s were some of the businesses affected that day.

Fiserv, alongside FIS, Global Payments, and JPMorgan Chase, account for about 80% to 90% of the payments processing industry in the US, according to MoffetNathanson. That means each time you swipe your card, there’s about a 90% chance one of those businesses is responsible approving the payment.

A case of an “outage,” in which many merchants can’t process card payments, is extremely rare, according to Ellis and Robert Le, an analyst at PitchBook. That’s because the processors have backups for every single part of the process.

“The IT infrastructure of any large company has a whole backup plan to it,” Ellis said. It’s “a business continuity plan that says, ‘OK what’s the redundancy that’s built in here in case something goes down?'”

Payments processors have backup internet providers and backup data centers that process payments in case one data center goes down. If a card is taking longer than normal to authorize, it might be because the payment is being routed to a data center farther away.

A spokesperson for FIS told Insider the company has heavily invested in its infrastructure “to minimize the likelihood and impact of an outage.” It regularly tests backups, like its “auto failover” that allows payments to move between data centers as needed, they said.

Global Payments didn’t respond to Insider’s request for comment, and a representative from JPMorgan Chase declined to discuss company operations and cybersecurity measures.

As for Fiserv, which had the issues in February, a company spokesperson said: “Redundancy and resiliency are built into our solutions.” That includes multiple internet service providers and data center backups across the country, they said.

In February, despite the hours-long wait many merchants had in being able to once again accept digital payments, Cave said Fiserv’s internet backups worked as intended. She added that, “the initial internet service provider outage created a secondary impact for some clients.”

A widespread, long-term outage at a payments processor is “very rare,” Le, the Pitchbook analyst, said.

So rare, in fact, that when Visa, a payments provider that works with the processors, had an outage in Europe in September 2018, people thought it might have been a terrorist attack, Ellis said. More than 5 million transactions failed over the 10-hour outage because of a rare data center malfunction, Finextra reported at the time.

“People were freaking out,” Ellis said, “because it’s so unusual.”

Though the Visa outage was a data malfunction, payments processors and others in the network must be on top of cybersecurity to prevent service problems related to a hacking. They’re “bombarded constantly with cybersecurity attacking attempts” because criminals are wanting to get payment information, Ellis said.

“Aside from military agencies and stuff like that, they’ve got to be some of the most attacked networks in the world because they contain payment information,” she said.

Read more: A ‘coiled spring’ is set to unleash massive growth for card giants like Amex, Mastercard, and Visa. Experts explain why the market will take off in 2021.

Outages, though rare, likely affect merchants the most, considering the lost sales and damage to the brand reputation with customers, according to Le.

“Consumers nowadays don’t carry any cash,” Ellis said. “So if you were in a store buying anything of a reasonable size and you couldn’t use a card, most consumers would just walk out.”

Over the years, cash has become less widely used as card payments have taken over. Card penetration, or the number of consumers using a card instead of cash, is about 60% to 70%, according to Ellis, but that varies across the country. In New York City, for example, card usage is even higher.

If there was a big outage at a payments processor in the future, it could “lead to a call to bring cash use back into the system,” Le said. But in the long-term, merchants are likely to look for support from multiple payments processors, instead of just relying on one, he said.

Large businesses in the US usually do have multiple processors, so they have a backup in case one goes down. But smaller merchants generally don’t, Ellis said.

Amid the COVID-19 pandemic, cash increasingly became a thing of the past, as merchants sought to use more contactless payments to avoid exposure to the virus. And the future of payments is likely digital, as Insider Intelligence predicts they will continue to grow from 2023 and beyond.

Read the original article on Business Insider

Visa slips 5.5% on report the DOJ is investigating the firm’s debit-card practices

visa cards

Shares of Visa slipped as much as 5.5% on Friday after a report said the Department of Justice is investigating the firm’s debit-card practices.

Visa is under investigation for “anticompetitive practices” in the debit-card market, reported the Wall Street Journal, citing unnamed sources.

The Foster City, California-based financial services corporation is specifically being investigated for possibly limiting merchants’ ability to route debit-card transactions over less expensive networks.

Visa and other credit card companies use what are called “network fees” as a main source of revenue. Although these fees are invisible to consumers, they can heavily weigh on merchants and be very lucrative for card companies.

The DOJ is probing whether Visa’s move to prevent merchants from avoiding their network fees could allow the firm to illegally maintain its leading market position, the WSJ reported.

Visa stock is down nearly 7.5% since hitting March 11 record highs of over $226 per share.

Before this latest news analysts were overwhelmingly bullish on shares of Visa. The company boasts 49 “buy” ratings, six “neutral” ratings, and zero “sell” ratings from analysts.

Most recently, Morgan Stanley maintained their buy rating and $253 price target on Visa in a note to clients on March 16.

Visa stock traded down 5.16% as of 1:23 p.m. ET on Friday.

Visa chart 2
Read the original article on Business Insider

Pornhub purges millions of unverified videos amid allegation of hosting child pornography

Pornhub
Pornhub, a popular pornography site, is one of the most visited websites in the US.

  • The popular pornography website Pornhub is deleting all unverified content on its platform, the company announced on Monday.
  • “As part of our policy to ban unverified uploaders, we have now also suspended all previously uploaded content that was not created by content partners or members of the Model Program,” the company said
  • It’s the latest response from Pornhub following a New York Times column that accused the company of hosting child pornography and other illegal content, like videos filmed without the consent of those featured. 
  • Both Visa and Mastercard have pulled their charging services from Pornhub, and Pornhub has announced plans to verify all the content on its platform.
  • Visit Business Insider’s homepage for more stories.

Pornhub is purging all unverified videos from its platform – the latest move in an ongoing response to accusations that the popular pornography website hosts child pornography.

“As part of our policy to ban unverified uploaders, we have now also suspended all previously uploaded content that was not created by content partners or members of the Model Program,” the company said in a blog post on Monday morning. “This means every piece of Pornhub content is from verified uploaders, a requirement that platforms like Facebook, Instagram, TikTok, YouTube, Snapchat and Twitter have yet to institute.”

The company did not confirm how many videos were removed from the site, but Motherboard, which first reported the news, notes that the number of videos visible on Pornhub’s search function went from 13.5 million to 4.7 million on Monday morning. 

Pornhub previously operated like YouTube, but with a focus on pornography, where anyone could upload a video to the service.

In a column written by Nicholas Kristof in the New York Times, Kristof described videos on Pornhub that he said were recordings of assaults on unconscious women and girls.

“The issue is not pornography but rape. Let’s agree that promoting assaults on children or on anyone without consent is unconscionable,” Kristof wrote on December 4.

The column called for Visa and Mastercard, two credit card companies that Pornhub works with, to stop working with the company. One week later, both companies officially ended their relationships with Pornhub.

Pornhub and its parent company Mindgeek have denied the allegations in the Times. The company told Business Insider it employs a “vast team of human moderators” who manually review “every single upload,” as well as automated detection technologies. It did not say how many people were part of its review team.

“Pornhub has actively worked to employ extensive measures to protect the platform from such content,” a Pornhub representative told Business Insider. “These measures include a vast team of human moderators dedicated to manually reviewing every single upload, a thorough system for flagging, reviewing and removing illegal material, robust parental controls, and a variety of automated detection technologies.” Those technologies, it said, include tools created by YouTube, Google, and Microsoft that are intended to combat child pornography and sexual abuse imagery.

Following the Times report, Pornhub announced stricter guidelines on who can publish videos and what videos are allowed to be published: Only accounts which Pornhub verifies will be allowed to publish content. Monday’s announcement takes that one step further, and purges Pornhub of all previously unverified content. 

It’s unclear how many videos are being deleted from the service, and representatives didn’t respond to a request for comment as of publishing.

Got a tip? Contact Business Insider senior correspondent Ben Gilbert via email (bgilbert@businessinsider.com), or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work device to reach out. PR pitches by email only, please.

Read the original article on Business Insider