What would happen to your business if your credit card processor shut down? If you do online bill pay, what would happen if it shut down?
Millions of people and businesses got to figure that one out this month when Paypal’s TIO Networks unit suddenly shut down. TIO does payment processing, both for merchants and for consumers who use it to pay bills at kiosks in malls, at grocery stores and other locations.
Paypal paid over $230 million for the company earlier this year.
Whether they were aware of the breach at the time that Paypal bought it or not is not clear.
In fact, all that is clear is that over a million and a half users had their information compromised.
Paypal’s decision was, on November 10th, to shut the unit down until they could fix the problems.
The impact of this shutdown varied from group to group.
If you are using the bill pay service at the grocery store, you are likely to go to another location. Unfortunately, for TIO Networks, many of those customers won’t come back. While this may be annoying for customers, the annoyance was likely manageable.
For merchants who uses the vendor as a merchant payment processing service and magically, with no notice, the service is shut down, that could be a big problem.
This is especially a problem for organizations that depend on credit cards such as retail or healthcare or many other consumer services.
We often talk about business continuity and disaster recovery plans, but if you operate a business and credit cards are important to you, then your plan needs to deal with how you would handle an outage of your credit card processing service.
In the case of TIO, after about a week they started bringing the service back online for a few people who were most dependent on it.
Things get a bit complicated here. Most of the time merchant payment processors require businesses to sign a contract for some number of years. Since the contract was written by lawyers who work for the credit card processor, it likely says that they aren’t responsible if they shut down for a week or two without notice. It probably even says that they aren’t liable for your losses and you are still required to pay on your contract.
If you switch to a new processor, you may have two contracts, Now what do you do?
To make things more complicated, if your payment processor is integrated with other office systems or point of sale systems, switching to a new provider is even more difficult.
I don’t have a magic answer for you – unfortunately – but the problem is solvable. It just requires some work. Don’t wait until you have an outage – figure it out NOW!
This is why you need to have a written and tested business continuity and disaster recovery program.
Information for this post came from USAToday.