One single type of payment terminal (the Verifone H5000), a rather old platform, officially announced End of Life 2018 with some sort of support until 2023, brought down big parts of card payment all over Germany as one of the embedded certificates expired unnoticed on Tuesday.
Sources. “the official PCI 3 expiration date is April 30, 2021 […] Products with expired PCI 3 approvals are not eligible for new sale or new deployments other than repair and replacement of like products.” https://www.verifone.com/sites/default/files/legal/pci_3_discontinuance_bulletin_november_19_2020_final.pdf
I had some problems with threading. My apologies. Here’s the complete thread for your amusement: https://threadreaderapp.com/thread/1530227390286290944?refresh=1653732482
@Reizzentrum Yep. Sort of. According to one of my insider contacts 11 years ;) And the final, final date to update was 2021-12-25. Christmas Day. Oops.
Does the expired PCI 3 certificate not affect the functionality of the devices?
How comes that this issue suddenly pops up in May 2022 while the PCI 3 certificate expired in April 2021. Shouldn't the devices just have stopped working last year?
I remember news about other cases of expired certificertificates where entire websites went down because the SSL certificate expired. So there was no functionality beyond this point. Is this a different case?
@Lanthanus As I’ve quoted from the announcement - they can continue to be used at existing installations, but should not be deployed at new installations.
@jwildeboer this is such an operations/management fuckup that it's only the lack of broad understanding of certificates that keeps the responsible ones in their jobs.
@jwildeboer we were told our devices shall remain connected and powered to supply the update remotely but nothing happened since Tuesday....
@stefan Keep em running. An update for a platform that has lost its PCI3 certification in April 2021 needs a bit of time ;)
@mvanderheide it shouldn’t happen. This will cause a lot of court cases etc by vendors/merchants against their payment service provider who will try to get it back higher up. What a mess. I tried to document the situation to make sure people understand what really happened and that it is a rather catastrophic oopsie but not some sort of hacker attack or conspiracy.
@mvanderheide Ouch. The H5000 platform lost PCI3 certification in April last year. https://social.wildeboer.net/@jwildeboer/108375069938376909
@jwildeboer Oh, THAT is why I saw or heard about "no card payment possible" problems in multiple shops today...
😆😂 omg, I didn't search for the cause, and was just wondering today, why I still can't pay with card.. 😆😂🤣🤣🤣
Ein einziges Zahlungsterminal (das Verifone H5000), eine ziemlich alte Plattform, die offiziell das Ende des Lebenszyklus 2018 mit einer Art Unterstützung bis 2023 ankündigte, brachte große Teile der Kartenzahlung in ganz Deutschland zum Erliegen, da eines der eingebetteten Zertifikate unbemerkt auslief Dienstag.
Mastodon instance for people with Wildeboer as their last name