Latin America Advisor

Financial Services Advisor

A Daily Publication of The Dialogue

How Unstable Has Mexico’s Payment System Become?

A major technical failure left customers across Mexico unable to make credit card purchases and withdraw money from ATMs on Aug. 10. // File Photo: Pixabay. A major technical failure left customers across Mexico unable to make credit card purchases and withdraw money from ATMs on Aug. 10. // File Photo: Pixabay.

Problems at a data processing center led to a widespread collapse of Mexico’s banking system on Aug. 10, leading to declined transactions as consumers failed to make credit card purchases, withdraw money from ATMs and perform other financial tasks. The failure came at the same time that Mexico’s government is considering a ban on paying cash for gasoline and tolls in order to prevent money laundering and draw more people into the formal economy. How stable and secure are Mexico’s payments systems? What must be done in order to prevent a similar breakdown in the future? How will the country’s new digital payments platform affect consumers and businesses?

Greg Ahlgren, partner at Diaz, Reus & Targ: “The recent nationwide network outage in Mexico clearly demonstrates that the country is incapable of going ‘cash-free’ on highways, gas stations or anywhere else. Had it not been for Mexicans’ traditional reliance on cash, the outage could have been disastrous. At this point, Mexican payment systems lack the network resilience and redundancy that would allow a totally cashless ecosystem in any area of the economy. Apart from the recent widespread outage, it should be noted that payment system failures occur frequently and unpredictably in Mexico—even in principal cities such as Monterrey and Mexico City. The electronic payment situation in lower-tier cities is even more problematic. New payment platforms may contribute needed redundancy to the commercial ecosystem in Mexico, but nationwide implementation of such platforms appears to be a distant objective at the present time.”

Alejandro Tapia, senior director for Latin American Financial Institutions at Fitch Ratings: “While the payment systems in Mexico in the last 18 months have experienced some weaknesses, Fitch considers that these in general are relatively safe and point to greater stability as a result of the actions implemented by the financial regulators following the cyberattacks on the central bank’s Spei payment system in 2018. Although the attacks had limited financial effects (less than 0.01 percent of total customer deposits) and reputational risks were contained, Banxico has been proactive in demanding stronger controls to the market participants. Banks must have an information security officer, detailed contingency plans and proactive surveillance and reporting. Banks also continue deploying investments in controls, while Fitch notes a greater use of insurance policies. Despite the actions undertaken, Fitch believes payment systems still show room for improvement relative to international best practices. The recent interruption of services of one of the country’s largest payment processors (PROSA) highlighted that the local payment systems’ capabilities have to be deepened and controls strengthened. With preliminary information, Banxico has pointed to PROSA’s electrical infrastructure as the source of the problem. The initiative to implement a new payment system (CoDi) is perceived as positive, but the benefits could be achieved over the medium and long term only. CoDi is an alternative that will reduce the use of cash and support anti-money laundering initiatives; it is also aimed at reducing costs for banks and clients, while providing more security. Additionally, it should boost financial intermediation, which is still very low in Mexico.”

Alejandro Landa Thierry, partner at Holland & Knight: “In general, payment systems are very stable. In Mexico, two main companies handle electronic transactions. Each one has a double system—one main and one relief system. The problem at the time was that the main system had a failure and the relief did not engage due to a problem in the component that triggers the relief system input. To prevent breakdowns in the future, we need to ensure that regulators always have an alternate relief system and a disaster recovery plan to ensure that they can switch operations without problem. Banking the entire population will help ensure access to higher credit, better digital services and insurance. It will help to increase the sales that are currently limited to the guarantee of a credit card and, in general, it would greatly help the growth of the country, regardless of the increase in tax revenues. However, it is very unlikely that the Mexican economy can be totally moved to digital. In theory, this will help to control the economy and avoid money laundering issues in the short term. The digital economy without the proper controls may be risky as it can also be used for money laundering through Bitcoin.”

Tapen Sinha, professor of risk management at the Instituto Tecnológico Autónomo de México and professor at the University of Nottingham Business School: “Mexico is a country with more than 60 percent of its population with no bank account, and another 10 percent who hardly use it. There are 46 million cars in Mexico. Many small traders (the so-called changarro owners) have to use their vehicles for trade but have no bank accounts. The ban for paying cash and tolls will have clear adverse effects on these traders. The Mexican financial system works very efficiently with SPEI and other forms of electronic payments—but only when it works. Moreover, for electronic systems in banks, by default, if an unwanted transaction happens, the onus is on the account holders. There is no insurance available to protect one’s account unless one is willing to pay 10 percent of the deposit to buy a separate insurance policy just to have the money protected for one year, unlike in other OECD countries. In April 2018, hackers siphoned off some $15 million to $20 million out of the Mexican financial system. Banxico has been very reluctant to give out details of how that happened. However, we know that it was done by ‘mule’ accounts—many transactions happened each with less than 5,000 pesos transferred—which attracted very little attention in the system. The hackers probably accessed commercial bank connections to SPEI and, eventually, SPEI’s transaction servers themselves to execute the heist. The hackers could do that because the SPEI app is full of bugs at every stage of execution.”

The Latin America Advisor features Q&A from leaders in politics, economics, and finance every business day. It is available to members of the Dialogue’s Corporate Program and others by subscription.