Retailers suffer as attack hits e-payment provider

A denial of service attack forced internet payments firm WorldPay offline for three days last week, despite a desperate battle by...

A denial of service attack forced internet payments firm WorldPay offline for three days last week, despite a desperate battle by IT staff to keep systems up and running.

More than 10,000 UK-based online retailers, including Sony and Vodafone, were affected by the attack, which the Royal Bank of Scotland-owned payments services firm described as "concerted and co-ordinated".

Payment processing systems, e-mail and the corporate website were all hit. E-mail communication was restored on Tuesday afternoon but the payment processing systems - vital to the running of online merchants' operations - were down until Thursday evening.

WorldPay has failover and disaster recovery technology in place and uses multilayered security, but these measures were not enough against the scale of the attack, said Simon Fletcher, head of UK communications at WorldPay.

"It is not as if we lost a server - this was a co-ordinated effort," he said. "The key for us is to try to get on and resolve the issue and take lessons so it does not happen again. Although we have been subject to a denial of service attack, the integrity and security of our systems and data is in no way compromised."

The Federation of Small Businesses said the attack on WorldPay's systems would undermine his members' confidence in e-commerce.

"This is hugely damaging," said David Bishop, spokesman at the FSB. "The majority of small businesses use third parties such as WorldPay for payment processing. This attack is going to have an immediate impact on the cashflow of online retailers and will undermine small retailers' confidence in e-commerce."

WorldPay, which has 27,000 users globally, said there was no apparent motive for the attack, which appeared to originate from computers in Ukraine.

During the attack the bank set up a back-up process, supplying customers with new addresses that would bypass the current system. However, this required customers to modify their own systems to make it effective.

Read more on IT for small and medium-sized enterprises (SME)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.