Tribe Payments Reacts to CrowdStrike Global IT Outage

Alex Reddish, Managing Director, Tribe Payments: “We are now in a period where we have seen large institutional payment rails fail more frequently than we have ever seen before. I cannot imagine a time when technology oversight was more important.

Today’s outage has affected brands like Microsoft and Morrisons, with consumers unable to make payments or operate as normal. Many may not realise that CrowdStrike’s systems underlie the issue. Although CrowdStrike is not a payment processor, the indirect consequences of its outage impact brand value and reputation for various businesses using its service. What we’re seeing today shows an incredible need for us to look at infrastructure beyond payments. How can we ensure ubiquity, security and resilience from a payments infrastructure perspective when the touchpoints within a payment or ecosystem extend far beyond it?

I think the DORA regulation is a foundation for solving this problem, though it won’t solve it entirely. DORA covers some aspects, but it will never be enough as we continually push the boundaries of efficiency and economic value. Digital and operational resilience should be a top priority for everyone, regardless of whether they’re critical infrastructure or not.

I don’t agree that fines are the most effective way to hold tech firms accountable. For large companies like Facebook, Meta, or AWS, a billion-dollar fine is merely a tax write-off compared to their market cap and annual revenue. Instead, we should consider restricting services. Why allow companies to maintain and deliver the same services when they’re not providing credibility or taking responsibility for their role in the ecosystem? In school, misbehaving students are removed from class. Why, then, in the world of payments, do we simply ask for money? It sends the wrong message: as long as you make enough money to pay the fine, who cares?

Why are we being reactive? When you look at PSD2, PSD3, the E-Money Directive, and other regulations, there has been a proactive attitude. Yet, we are reactive to core critical infrastructure. We often say we don’t want regulatory intervention, but we’re almost orchestrating our own downfall. It’s a self-fulfilling prophecy.”