Target POS outage sparks interest in data protection

Consumers, retailers and service providers were stunned when two nationwide POS outages disrupted Father's Day weekend sales at Target Corp. Target CEO Brian Cornell attempted to minimize the damages in a June 19, 2019, interview with CNBC news anchor Becky Quick, stating, "Within a couple of hours, our teams were able to identify the root cause and push the fix to our stores and get us back up and running." However, this does not mean Target won't take a financial hit from the outages, which occurred on June 15 and 16.

According to Stefan Tapia, national sales manager at OptConnect, retail analysts have estimated the weekend's down time could mean up to $50 million in lost revenue for Target. "Throughout the payments industry, there are billions lost in sales every year because merchants don't have a data backup plan," Tapia said. "In addition to impacting merchant sales revenue, it affects ISO residual streams and customer retention, because most merchants view network outages as a processing problem. Nine out of 10 times, they don't think of their outage as a lost data connection."

Tapia additionally noted that in today's on-demand society, ISOs and processors that don't provide data backup plans are "stepping over dollars to pick up cents." Target's outage proves that interruptions of service can be catastrophic for both enterprise and mom-and-pop merchants. A negative customer experience can impact lifetime customer value, Tapia stated, noting that some customers who abandon checkout queues never return. However, with the proper tools, ISOs can prevent these issues from occurring throughout their merchant portfolios, he added.

Improve prevention, detection

Robert Lutz, vice president marketing and business development at Systech Corp., said Target's outage garnered national attention due to its size and scope, yet less publicized events frequently occur at smaller companies. While the Target event did not appear to be a local network issue, local outages are common, he noted. "Having a secondary connection to a payment processing network can get businesses back up and running quickly," he said. "However, redundancy is usually only found on mission-critical components."

While there is no way to avoid connectivity challenges, businesses can mitigate them by having a backup service that would take over. Simple things can also help, such as a having backup power supplies on hand, Lutz noted, as power supplies can be the weakest link in a network or POS solution. "Backups are not cheap," he said. "Having two things doesn't mean they always work because if you have two of something and one fails, how do you determine which one isn't working? NASA uses three systems to make it easier to detect when one is failing."

Lutz recommended taking the following steps to avoid POS outages:

• Perform network maintenance at times of low traffic, such as the middle of the night. This provides time to recover in case issues arise.

• Perform network maintenance on "sandbox" networks first to confirm changes work well. Then later, make the same changes on the live network.

• Ensure only qualified personnel have access to network configurations.

• Monitor network equipment for clues of pending failures. Use real-time notifications, not just daily reports, to detect unexpected high or low network traffic or increase in warning messages.

Continual, incremental testing

George Zirkel, senior vice president, head of global payments strategy at Transaction Network Systems Inc., pointed out that retailer ecosystems have become more complex and require sophisticated, multilayered backup plans. "The more complex retailer ecosystems become, with added capabilities and services, such as store operations, invoices, gift and loyalty, the more the chance of unintended consequences will sneak up on you," he said. "When POS were simple and untethered, the Target outage would not have been as big a story."

Noting that Target represents a different level of complexity, Zirkel said Main Street POS environments are becoming more sophisticated, and cloud systems are no longer limited to top tier retail. Generally speaking, as businesses become more interconnected, they need disaster recovery systems that separate mission critical elements from other aspects of their businesses, he noted. Omnichannel commerce is blending card not present and in-store transactions together; businesses need to conduct more regression testing and understand the potential domino effect of an outage across an enterprise, he added.

"Technology is constantly evolving; service providers and retailers must adapt and become more thoughtful about how to architect their networks," Zirkel said. "Not doing anything can be just as risky as making changes, because fraudsters can exploit vulnerabilities in outdated systems. Quality assurance environments need to look as much like production environments as possible. Have the ability to do incremental roll outs and perform testing in smaller environments before proliferating to the entire enterprise."

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.