At 2024-06-02 02:15 CEST we received an alarm from our surveillance that Nets transactions were failing with a processing error. We quickly determined that that the Nets server certificate had expired at 00:00 UTC. We contacted Nets command bridge and they started their own investigation.
At 02:45 We started investigating ways to temporarily bypass certificate validation and considered the security impacts. It was assessed that the security impact was acceptable compared to the business impact of failing transactions for a prolonged period.
At 03:23 CEST Nets also concluded that the server certificate had expired. From the dialogue with Nets it seemed clear that Nets would not be able to solve this issue within an acceptable timeframe.
At 04:33 CEST we released a change so certificate validation was bypassed. Transactions was processed again.
Nets have now renewed the certificate and we have removed the temporary certificate check bypass.
We are in dialogue with Nets to make sure that situations like this does not occur again.
Best regards, Billwerk+ Pay