The failure of numerous card terminals at the checkouts in German supermarkets continues. An IT expert shows that the failure was apparently only a matter of time – and the manufacturer now has a big problem.

At many German cash registers nothing works anymore – even the weekend is characterized by long queues and chaos in retail. The cause of the stress is defective payment terminals from the American manufacturer Verifone. Because the “most used terminal in Germany”, model H5000, is very old – and has actually been on the siding since 2018. The outage could have been avoided, explains IT expert Jan Wildeboer to the star.

Update missed, certificate expired

In order to understand what happened at the cash registers of Aldi Nord, Aldi Süd, Lidl, Rewe, Penny, Edeka, Rossmann, Toom and many petrol stations, you have to look at the cause of the failures. Because it is now clear that it is a so-called certificate error.

Such a certificate is a kind of proof of authenticity that confirms the identity of a computer – or a terminal. The POS systems thus secure the communication of the terminals, and a valid certificate is also required for the manufacturer’s maintenance work. If it is missing, the data flow comes to a standstill because a terminal can no longer “identify”, i.e. it cannot be verified by the counterpart.

According to Wildeboer, there was one last chance to avoid the MCA in December 2021. At that time, Verifone issued an update to renew the said certificate and continue to enable smooth processing of payments. But “unfortunately, the update was probably not installed on all H5000s out there,” explains the IT expert. The result: “When the certificate expired on Tuesday, it became impossible to install the update in the usual way.”

Repair only possible on site

“Why the update wasn’t installed everywhere?” asks Wildeboer and also provides the explanation: “Well, there are many regional POS system providers who serve small or medium-sized businesses and where updates are probably not handled so stringently, unfortunately. Then it has you often still have returns and replacement devices in the closet and then they are not always updated.”

It seems surprising that not only the small businesses mentioned are affected, but also Germany’s largest retail chains. It is now clearer why not all devices are affected – just every H5000 terminal that did not receive an update when it still worked.

But that seems to be enough for the perfect chaos at the cash registers – and to give those responsible headaches for a long time. Because every single terminal that is now on the road without a certificate has to be repaired or replaced on site, since remote maintenance has become impossible once the unique identification has expired.

Due to the high age of the devices, an exchange seems better than a repair – the responsible payment service providers already have corresponding plans. The H5000 was launched in 2011. In 2018 Verifone announced the end of support, in 2021 production and sales were stopped. Verifone promised limited support in the form of updates until 2023, by the end of 2024 every H5000 will have to be switched off one way or another because the device lacks the technical requirements for the “TA 7.2” terminal certification that will be valid from 2025.

Why was there hesitation for so long? “Because it was still possible,” the IT expert replies to our query.

Less cost pressure, more caution

In order to avoid such failures in the future, Jan Wildeboer advises – as with PCs and smartphones – to regularly update the devices. He explains: “You should make sure that you (or the operator of the POS system) consistently import updates. At the latest during the annual inventory you should check whether everything is up to date. Better at least once a quarter.”

However, Wildeboer does not see a return to cash in Germany – he believes that skepticism about cashless payments is inappropriate. Rather, he would wish for more caution when operating devices that are so important to our everyday life. It is true that retailers should not be obliged to install new devices at the checkout every year, but the “immense cost pressure” and the resulting savings are also not expedient – as can be seen in the current example.