Gemalto stumbles upon 2010 bug
The smartcard microprocessor was unable to recognize the year 2010 and subsequently treated the cards as invalid, much resembling the Y2K software problem a decade ago. The programming bug is affecting 20 to 30 million Electronic Cash (EC) cards and 3.5 million credit cards, mainly issued by German banking group BVR (Bundesverband der Deutschen Volksbanken und Raiffeisenbanken).
Retail groups said they reprogrammed all the POS terminals in Germany to ignore the defect and access other security features on the cards. ATM at banks have already been modified. "The problem was relatively limited," said a spokesman for the German retailers' federation HDE.Although some cash machines were quickly reconfigured to override the 2010 problem, many bank customers were forced to queue to withdraw cash over the counter.
Gemalto, as a major supplier to German banks, has been working with its customers on investigating and fixing the situation. Gemalto and the German banks are developing together a corrective process that avoids the replacement of the affected cards in Germany. Gemalto payment cards issued for other countries are not affected. According to ZKA (Zentraler Kreditausschuss – the German Central Credit Committee), acceptance of the concerned cards by the ATM (Automated Teller Machines) and point of sales terminals is widely re-established in the country. On January 13, Gemalto issued a statement to confirm the issue had been solved, and a secure solution had been delivered, verified and approved by the German banking authorities. This secure software solution allows to solve the issue without having to reissue the cards.
As a consequence of this incident, Gemalto will book a special provision to cover the potential consequences related to this event. This exceptional charge, of an amount estimated in the range of EUR 6 to 10 million, will be booked as part of 2009 results, modifying accordingly Gemalto’s expectation of around EUR 180 million adjusted EBIT for the year by the same amount.
On the other hand, G&D and Oberthur, one after another, announced that the smart cards they produced are not impacted and function normally.