Verifone H5000 Card Terminal: Serious software error


Status: 02/06/2022 14:43

In many places in Germany, it is still not possible to pay by card as the problem with payment terminals is a long process to be solved. Why? Answers to the most important questions.

Author: Steffi Clodius,

What happened?

Since May 24, technical problems have arisen in many places with a certain terminal from the American manufacturer Verifone, which offers cashless payments: card payments are only possible to a limited extent or not at all. Initially, this meant that many customers unexpectedly had to pay in cash. Edeka, Aldi Nord and Rossmann retail chains were among those affected by the failures. In some cases, the markets have replaced the currently affected terminals with other devices.

Which hardware is affected – and where?

Only the Verifone H5000 payment device causes problems. According to the manufacturer, it is the most used card reader terminal in Germany. Like Verifone announced that it was distributed by the end of 2019. This does not apply to all other devices of the company.

According to a study by the financial blog “Finanzseen”, around 350,000 devices were in operation throughout Germany in 2018. This would be the equivalent of about a third of all giro points. The Verifone H5000 is used not only in retail but also in other places: for example in restaurants or leisure facilities such as swimming pools.

What is a disturbance?

According to Verifone, the cause of the interference is a software “failure”. Speculation that a hacking attack could be behind it, says the producer “We would like to emphasize that the problem is neither related to an expired security certificate nor to a system vulnerability.” In addition, it does not pose a security risk when processing payments. Experts have expressed the suspicion that the problems could be caused by an expired security certificate.

It is certain that the device will only be delivered with software updates until the end of 2023. By then at the latest, it should be replaced with new retail terminals anyway to avoid security gaps and disruptions. Many affected people used the current problems as an opportunity to replace the H5000 with a new card reader. It was like that in Aldi Nord and at the Netto discount store belonging to the Edeka Group.

How is the problem solved?

Software updates must be sent to devices by financial service providers who process payments for their customers. This is very time consuming as each terminal has to be serviced by specialists.

Like one of these financial service providers, Payone, announced: “Verifone has now provided the necessary troubleshooting package to restore the functionality of the affected H5000 terminals to apply the modified software update.”

Payone immediately started using this solution for selected customers: “We […] they were already able to achieve the first positive results ”. Now, thanks to the prepared logistics chains, the deployment of technicians on site would be successively coordinated and carried out, and the defect can be removed by updating.

Alternatively, users of the device can replace it early with a new, more modern terminal. Payment service provider Payone says: “The first terminals have now been replaced and additional replacement devices have been purchased.”

Payment service provider Concardis even advises its customers to take this step: “After thorough testing, however, we believe that the solution is an interim solution due to complexity and the residual risk of error,” Concardis writes. “[Wir] we continue to advise our customers to dealers, first and foremost, to replace terminals ”. There are sufficient terminals in the warehouse for the replacement of the equipment to be carried out successively for all customers of the dealers concerned.

It is important that those affected do not simply turn off the terminal. “We ask our clients […]do not restart the devices yourself for now and leave them connected to both the mains and the mains for troubleshooting, ”says Concardis.

How much longer?

As each terminal has to be equipped with new operating software by the technician on site, it may take some time for all devices to be operational again throughout Germany.

According to Payone, the “online needs determination form” should now help “plan adequate resources for the days and weeks to come.” It will say: It may take a while for each affected store to find a technician to restart the H5000.

What are the alternatives?

Of course, customers can pay with cash everywhere. In addition, merchants can use the card payment method based on direct debit. Instead of typing in a PIN, customers have to sign – until recently this was a common procedure that is still used in some cases.

The problem, however, is that many people not only pay without cash at the checkout in the supermarket, but more and more often also withdraw cash there. In this context, consumer ombudsmen point to the problem that banks are continually thinning their branch networks and the number of ATMs is declining. More and more customers are also dependent on this feature of the card terminal if they do not want to travel long distances to the nearest bank branch.

Why was the Financial Supervisory Authority involved?

The financial regulator BaFin is also dealing with an unprecedented setback in Germany and, according to its own statements, is in close contact with various payment service providers, the Federal Information Security Authority (BSI) and the Bundesbank. Like power announced that “in order to better assess the situation, an inquiry was made among the payment service providers that may be concerned”. The goal is to “get a better picture of the interference range”.

The authority’s focus is not on Verifone, but on the payment service providers Concardis and Payone. As financial service providers, they are subject to the supervision of BaFin. This does not apply to Verifone as the manufacturer of the device.

Leave a Comment