Software Glitch Leads To $23,148,855,308,184,500 Visa Charges
Hmmm2000 writes "Recently several Visa card holders were, um, overcharged for certain purchases, to the tune of $23,148,855,308,184,500.00 on a single charge. The company says it was due to a programming error, and that the problem has been corrected. What is interesting is that the amount charged actually reveals the type of programming error that caused the problem. 23,148,855,308,184,500.00 * 100 (I'm guessing this is how the number is actually stored) is 2314885530818450000. Convert 2314885530818450000 to hexadecimal, and you end up with 20 20 20 20 20 20 12 50. Most C/C++ programmers see the error now ... hex 20 is a space. So spaces were stuffed into a field where binary zero should have been."
Interesting? You're assuming we're all computer geeks. Wait a minute...
Meh. What's 23 quadrillion dollars really worth these days?
This guy's the limit!
In EBCDIC, hex 40 is a space. Making this error if EBCDIC was used would make the charge a whopping $4,629,771,061,636,895,312 - 4 quintillion dollars!
So now the interest charges for the month based on average daily balance will be quite a lot.
While all this is plausible, of course, the 12 is octal for a UNIX newline and the 50 is the '@' symbol; let us not forget that there are a lot of assumptions being made here and a lot of speculation.
This is a boring sig
So what was the minimum payment on that?
Well, it has never been successfully tested.
This is how Obama is paying for health care.
Paying taxes to buy civilization is like paying a hooker to buy love.
Isn't that about the cost of a couple of packs of smokes and a bag of chips at one of those gas station stores? If he filled up the truck, too...well, that would just about account for it.
Dude should shut up and pay what he owes.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
variable used before set
But try to get them to admit their software made a mistake when it happens to your account and it will be like talking to a brick.
So they weren't getting multiply charged by a site that claimed to only charge once, and only if you cancelled after the trial period, even though you cancelled before the end of the trial period. Just spaces, huh, who would have thought?
Yes I am ashamed I signed up innocently, now realising torrents are far safer.
Jumpstart the tartan drive.
If I remember correctly, my credit card bounces into "crap customer mode" when certain activity like overcharges (or nonpayment) occur. This ups my interest rate permanently from 6% to something silly like 20%.
If this happens, I wonder how many people will be relieved to have the charges reversed, only to be upset next month when their rate is hiked.
Wrong. It could also be UTF8 which is a Unicode encoding.
He also felt a stab of fear that he had saddled all his unborn grandchildren -- and their grandchildren -- with a lifetime of debt. "Down the generational line, nobody would have any money."
Give me a break.
-Xoltri
Let's hope they didn't underestimate.
The number seems about right for Zimbabwe dollars.
...is that this was not caught by validity checks. Was this perhaps an error that affected only the printing of the statement?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Yeah at 19% annually it would be 12050089064534.39, like a trillion a day.
It was probably partly overwritten by spaces
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Is not so much the error (stupid; but, if corrected, not ultimately a giant deal), but the response of the cardholder to the error:
"The bank kept him on hold for two hours, during which time he contemplated the impossibly bleak financial future that might await him. He also felt a stab of fear that he had saddled all his unborn grandchildren -- and their grandchildren -- with a lifetime of debt. 'Down the generational line, nobody would have any money.'"
For fuck's sake, people, the credit card guys haven't actually bought a law concerning hereditary debt slavery yet, and this guy thinks that it is already on the books?
Muszynski compared the giant debt reprieve to receiving "an amazing Monopoly card that says, 'Bank error in your favor.' "
Pathetic. This guy is grateful that Visa condescended to fix their obvious mistake (this isn't some he said/she said billing dispute, this is someone who allegedly spent more than the world GDP at a gas station)? What is this cringing bullshit? Either this guy is just a sad sack or, rather worse, the "customer service" we get, along with the kangaroo courts that are "mandatory binding arbitration", actually make thankfulness for not being screwed a reasonable response.
Still, isn't it funny how these kinds of "computer glitches" always seem to benefit the company, never the customer? Pretty interesting odds at play here.
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
I am a Ruby programmer, so I didn't understand what caused those numbers. Somebody please explain.
-- It is the mark of an educated mind to be able to entertain a thought without accepting it. -- Aristotle
"Do you owe $23 quadrillion or more on your credit cards? Well I'm about to tell you a secret that the credit card companies don't want you to know. You can settle your debt for pennies on the dollar and get out of debt fast!"
Tired of FB/Google censorship? Visit UNCENSORED!
CICNA chief tells all.
I must've put a decimal point in the wrong place or something. I always do that. I always mess up some mundane detail.
Maybe they ran it through the Zimbabwe exchange conversion by mistake.
love is just extroverted narcissism
Leave, now!
--- "When you gotta do something wrong. You gotta do it right. (Fighter)"
But that 12 50 seems a little odd. That would be either "[DLE] P", or $46.88 which seems a lot for a packet of cigs.
For that money you could download dozens of MP3s via your US mobile phone while in Canada, and still have money left to pay the RIAA.
Seriously though the Visa transaction charge of 2% = 462,977,106,163,690
How could this transaction go through?
love is just extroverted narcissism
Will the IRS tax any party for this in any way? Tipped workers, look out: you may end up owing 15% of $23,148,855,308,184,500.00 of the bill even if this is an error. Yes, the IRS is evil like that sometimes.
Will people get back-billed / end up on a banned list? As Visa seems to be wiping out the full charge, is the real charge lost now?
Will people get all their overdrafts taken off, or just one, even if they are not in error for all of them?
I always mess up some mundane detail :(
I'm a rabbit startled by the headlights of life
If I were him, I would have applied for a bailout, then given myself a nice hefty bonus before going bankrupt.
It's the American Dream!
just imagine what the Over-the-Credit Limit fee would be if it were based on a percentage instead of the typical $39.
man....wonder if that counts as an automatic default...and thus 29.99% of that would be....holyshit
This has to be a VB code
Dim sum as String * 8
' Any VB programmer knows that VB will auto fill the String*n variable with n-Len(sum) spaces. Notice the pun on "dim sum".
' Let's see how many VB programmers are there around here ...
mov ax,4c00h
int 21h
Probably the transaction charge was handled in another sub-routine and was correctly handled.
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
Or better, will their credit reflect that they paid back 23 quintillion dollars? That should max your rating, forever~
The Kruger Dunning explains most post on
I saw this earlier on another site which included a screen-cap, wherein there was a $20 Negative Balance Fee shown after the huge erroneous charge, so it would seem that it did trigger issues on the business logic level.
News for Geeks in Austin, TX
For credit card customers? Yes, it normally sucks. However, if the credit card company went after you FOR 23-QUADRILLION DOLLARS, even a pro-business Arbitrator would camel-rape them with a johnson the size of Saturn.
The money that was created out of thin air by this error is no more invalid than the trillions of dollars of Fiat currency that the Government forces down everyone's throat.
Nixon was an absolute bastard for getting us off of the Gold Standard.
Now money should not be backed by just one precious metal, but should be backed by various different precious metals and maybe some other precious resources. Full faith and credit is a joke.
Hey maybe they should give this guy a gold metal, because he could have single handedly used his debit card to pay off all our debts like Stan did in "Margaritaville".
Tsukasa: All I really want, is to be left alone...
Unicode needs at least 18 bits, which does not fit into 16. UTF-16 is pretty useless. Maybe UTF-32 is more logical so you never have escape sequences. But to save space, in general UTF-8 is a lot better.
It's good to know their system is able to handle $23 quadrillion charges, now I just need to get them to raise my limit a bit.
Is anybody else wondering what you would get to spend and turn the charge into a negative?
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
Yep. UCS-2 is the tool of the devil. It's consistent, sure, but it's a heckuva waste if you've got a lot of strings that are mostly ASCII. Microsoft uses it for their APIs since forever, and Python uses it internally, but these are low-level situations where consistent and fast encoding/decoding are valuable. Most of the rest of the world (the parts that use a Latin-based character set, anyway) have standardized on UTF-8. You'd be pretty crazy to lard up a database that's 99% English text with UCS-2.
If he also purchased gasoline, or purchased an entire carton of cigarettes, that price could be accurate.
The article states that the gas station was his normal stop for cigarettes but doesn't state that the transaction in question only included cigarettes, so really, he could have bought anything.
Probably more offensive is that a glitch happened at all, large or small. It could have just as easily been $2.31 in which case he may have not noticed the overcharge and paid it. Charge several thousand people $2.31 too much and you can make an alright profit.
"During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
so much for that contract.
That was not an "insightful" comment. WTF does it matter what a couple of hex digits mean in octal? What would you have said if it was 12 80? A field that should have held a binary large integer getting filled with ascii characters makes sense; a field that gets filled not with the binary representation of the ascii characters, but to suggest that some process would take the octal representation of those characters, discard the most significant digit and then pack them into hex nibbles (a kind of BCO - binary coded octal representation) is ludicrous.
The 12 50 is just an artifact of the number being rounded to the nearest $100 by the journalists reporting the story. Check it out; if you assume they were actually 20 20, you get an amount somewhere around $35-$36+some small change over the $23,148,855,308,184,500.00 figure mentioned.
Back in my college days in the early nineties, I had a debit account to which my parents deposited a modest monthly stipend, you know, student budget for weekday ramen and weekend beers. BTW, this was in Mexico.
One day, while using the ATM, I was startled to see a HUGE balance in my account, to the tune of billions or more, I can't remember how much. Of course I went back to the ATM the following day just to check the balance, and it was back to normal.
When it happened again the following week, just for the hell of it I withdrew a bit more than I had. Of course, next day my account reflected the negative balance. The huge balance repeated itself a couple more times during the span of a month, then it was gone and never occurred again.
Years later, while casually commenting on this to a couple of friends, one of them said the same thing had happened to her, but her account was in a different bank.
For a long time, I've thought that people within the system used the ATM grid to embezzle money, moving it through accounts to cover their tracks. But now I'm starting to suspect it may have just been buggy programming.
Lil' Thindime, lilting a lacrimose lament, krashes the kwaint konfines of Kokonino Kounty
I work in this industry. The only novelty here is that the error got into production, and was not caught and corrected before it went that far.
Submitters send files to processors which are supposed to be formatted according to specifications.
Note I wrote 'supposed to be'.
Some submitters do, from time to time, change their code, and sometimes they get it wrong. For instance padding a field with spaces instead of zeros. Woopsie...!
Seems that's what happened here. Sounds like a hex or dec field got padded with hex 20, and boom.
This is annoying, especially when the processor gets to help correct the overwhelming number of errors, and then tries to explain that it wasn't their fault. Plenty of blame to go around with this one.
And then explains why they don't both validate/sanitize input, and test for at least some reasonable maximum value in the transaction amount. A max amount of $10,000,000 would have fixed this. That and an obvious lapse in testing. This is what keeps my bosses awake sometimes, fearing they will end up on the front page of the fishwrap looking stupid 'cause their overworked minions screwed something up, or didn't check, or didn't test very well. I love one of the guys we have testing. He's insufferable, and he catches genuine show-stoppers on a regular basis. They can't pay him what he's been worth, literally $millions, just in avoiding downtime and re-working code that went too far down the wrong path.
Believe me, this is in some ways preferable to getting files with one byte wrong that doesn't show up for a month, or sending the wrong data format (hex instead of packed binary or EBCDIC, for instance) and crashing the process completely. Please, I know data should never IPL a system. Tell it to the architects, please. As if they don't know now, after the one crash...
If you knew what I know, you'd chuckle and share this story with some of your buddies in development and certification.
And pray a little.
At least it didn't overbill the cardholders by $.08/transaction. That would suck. This is easy by comparison. Just fix the report data. Piece of cake. Evening's worth of coding and slam it out in off-peak time. Hahahahaha!
deleting the extra space after periods so i can stay relevant, yeah.
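Added example (not part of the thread, and not Visa's or any processor's code): a C sketch of the decoding described in the summary together with the input checks the comment above asks for. The field layout (8-byte big-endian binary cents), the function names and the sample fields are assumptions constructed for illustration; the $10,000,000 cap is the figure suggested in that comment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, constructed for this example: the amount travels as an
 * 8-byte big-endian unsigned binary integer holding cents. */
#define AMOUNT_FIELD_LEN 8
/* $10,000,000.00 in cents: the sanity cap suggested in the thread. */
#define MAX_AMOUNT_CENTS 1000000000ULL

enum amount_status {
    AMOUNT_OK = 0,
    AMOUNT_BAD_FIELD,     /* missing, or not exactly 8 bytes long */
    AMOUNT_TEXT_PADDING,  /* high-order bytes are space characters, not binary zero */
    AMOUNT_OVER_LIMIT     /* decodes cleanly but exceeds the cap */
};

/* Constructed sample fields (the first is the byte pattern from the summary). */
static const unsigned char FIELD_SPACE_PADDED[8]  = {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x12, 0x50};
static const unsigned char FIELD_ZERO_PADDED[8]   = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x50};
static const unsigned char FIELD_EBCDIC_PADDED[8] = {0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x12, 0x50};
static const unsigned char FIELD_TOO_LARGE[8]     = {0x00, 0x00, 0x00, 0x00, 0x3B, 0x9A, 0xCA, 0x01};

/* Interpret 8 bytes as a big-endian unsigned integer, with no validation.
 * This is what a consumer that trusts the submitter's file effectively does. */
uint64_t decode_be64(const unsigned char *field)
{
    uint64_t value = 0;
    for (size_t i = 0; i < AMOUNT_FIELD_LEN; i++)
        value = (value << 8) | field[i];
    return value;
}

/* Length of the leading run of a single space byte: 0x20 is the ASCII
 * space, 0x40 the EBCDIC space. Returns 0 if the field starts with
 * anything else. */
size_t leading_space_run(const unsigned char *field, size_t len)
{
    if (len == 0 || (field[0] != 0x20 && field[0] != 0x40))
        return 0;
    size_t run = 1;
    while (run < len && field[run] == field[0])
        run++;
    return run;
}

/* Validate before use. With the cap above, every legitimate amount has
 * zero in its four high-order bytes, so the padding test never rejects a
 * valid value; it only names the likely cause instead of "too large". */
enum amount_status check_amount(const unsigned char *field, size_t len,
                                uint64_t *cents_out)
{
    if (field == NULL || cents_out == NULL || len != AMOUNT_FIELD_LEN)
        return AMOUNT_BAD_FIELD;
    if (leading_space_run(field, len) >= 2)
        return AMOUNT_TEXT_PADDING;
    uint64_t cents = decode_be64(field);
    if (cents > MAX_AMOUNT_CENTS)
        return AMOUNT_OVER_LIMIT;
    *cents_out = cents;
    return AMOUNT_OK;
}

int main(void)
{
    const unsigned char *samples[] = {
        FIELD_ZERO_PADDED, FIELD_SPACE_PADDED, FIELD_EBCDIC_PADDED, FIELD_TOO_LARGE
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t cents = 0;
        enum amount_status st = check_amount(samples[i], AMOUNT_FIELD_LEN, &cents);
        printf("raw=%llu cents, status=%d\n",
               (unsigned long long)decode_be64(samples[i]), (int)st);
    }
    return 0;
}
```
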
Does he still get the airline miles for that one? I mean, even at 1 mile per dollar spent.... He can now book a first class ticket to mars...
I hope it was on one of the cards that gives him 1% cash back.
Lemme debunk a myth real quick for you folks.
If you EVER see a bank error "in your favor" or if your payroll check is off and you are over paid.......DO NOT SPEND THE MONEY
You will be charged for what you owe, and in some circumstances you can be prosecuted for using money that "was reasonably evident that you did not earn"
"This is the value of a summer spent and a winter earned"
If he can be charged that much, what's his credit limit?
No sig today...
"he had spent the profound sum in one pop at a nearby Mobil gas station -- his regular stop for Camel cigarettes" ;-)
Smoking is bad for your health... and wallet
I bet this didn't include ~12-13,000 x $2.3 x 10^16 in charge-offs. What's that in percentage terms I wonder?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
01 CURRENT_BALANCE PIC X(20) COMP.
01 BILLED_BALANCE PIC 9(18) V9(2) COMP.
MOVE CURRENT_BALANCE TO BILLED_BALANCE.
My rough guess is that CURRENT_BALANCE was full of spaces/needed to be initialized from an error before hand.
May I please have my frontal lobotomy if I bring back the ashtrays?
On the other hand, there'd be a hell of a tax break for someone shown as paying 23 quadrillion dollars to the Visa CEO's favourite charity. Lifetime immunity?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
But that 12 50 seems a little odd. That would be either "[DLE] P", or $46.88 which seems a lot for a packet of cigs.
This story says the $46.88 charge came from eating out at Wolfgang Puck's restaurant, in which case the $23 quadrillion dollars seems legit.
I wonder how many died from:
-- disbelief-induced-shock
-- from laughter-induced heart attacks
OTOH, that is going to be the DOD charge to taxpayers in a few years, when they are authorized to build a gateway to escape the Hell on Earth
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
23 quadrillion is like 75 euros these days..
I can handle that!
Even if it ends up being not the case here, there's not much I hate more than developers who pad their character data with spaces.
in her apartment, shivering, with no water, heat, or act contemplating that the rent is a crime, that the AC doesn't work in summer, and the heat doesn't work in winter... and then she says, "LORDS OF KOBOL... HEAR MY PRAYERS...HELP ME BEAT BALTAR SO I HAVE ENOUGH CUBITS TO PAY MY BILLS..."
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Holly: Busy, Dave?
Lister: Well, yeah. I am, actually.
Holly: Oh, then you won't want to know about the two super-lightspeed
fighters that are tracking us.
Lister: What?!
Holly: I'll leave you to your bubble blowing, mate.
Lister: No, Hol, come on, come on.
Holly: They're from Earth.
Lister: Three million years away?
Holly: They're from the NorWEB federation.
Lister: What's that?
Holly: The North Western Electricity Board. They want you, Dave.
Lister: Me? Why? What for?
Holly: For your crimes against humanity.
Lister: You what!
Holly: It seems when you left Earth three million years ago, you
left two half-eaten German sausages on a plate in your
kitchen.
Lister: Did I?
Holly: You know what happens to sausages left unattended for
three million years?
Lister: Yeah. They go all mouldy.
Holly: Your sausages, Dave, now cover seven-eighths of the Earth's
surface. Also you left seventeen pounds, fifty pence in a
bank account. Thanks to compound interest you now own
ninety-eight percent of all the world's wealth, but since
you've hoarded it for three million years nobody's got any
money except for you and NorWEB.
Lister: Why NorWEB?
Holly: You left a light on in the bathroom. I've got a final demand
here for one hundred and eighty billion pounds.
Lister: A hundred and eighty billion pounds! You're kidding!
Holly: (wearing Groucho Marx disguise) April fool.
Lister: But it's not April.
Holly: Yeah, I know, but I could hardly wait six months with a red-hot
jape like that under my belt.
Where is Manuel Garcia O'Kelly Davis when you need him?
"Jammie Thomas-Rasset's case was reviewed, and the review court decided the earlier sentence was too lenient."
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
This obviously wouldn't have happened if the Programmer's Guild had supported lifting the H-1b cap so there wasn't such a shortage of good programmers.
Seastead this.
"In a statement, Visa said the rogue charges affected "fewer than 13,000 prepaid transactions" and resulted from a "temporary programming error at Visa Debit Processing Services ... [which] caused some transactions to be inaccurately posted to a small number of Visa prepaid accounts.""
I call bullshit, Visa. Don't you people have some basic QA? If, say, a monthly statement (especially on a PREPAID CARD, for frack's sake...) exceeds the spending potential of a given client, flag the statement and alert a regional or local processing center manager.
FRACK! At the very LEAST your programmers should have been told (or, if they asked, been allowed) to put QA bounding-box fields on the statements. If a monthly charge font size to be printed is longer than the width of the statement imaginary box, eject the statement from the enveloping system, then punt it to a manager.
Having even FIFTY of these things get out is unprofessional, and plain stupid. Unfortunately, some dumbos pay without checking, then may have to wait several days or weeks, only to be told they won't get a reversal, but only a credit to offset future purchases...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
This reminds me of the time I transferred 100,000 miles from my Amex rewards account to one of my airline mileage accounts. I initiated the transfer on the Amex website. When I logged into the airline web site to confirm the transfer, I saw that it had been transferred in increments: ;)
32767,
32767,
32767,
and finally 1699
Different person. This apparently happened to a bunch of people. This story is about somebody in New Hampshire; the one you linked to is about somebody in Texas.
Check out my sci-fi/humor trilogy at PatriotsBooks.
I would like to commend this summary (and more importantly, the summarizer) for writing such a clear, cogent, and simple summation to this article. You explained the problem, the solution, and your thought process clearly in 5 lines. I don't know how you did it, but I can only hope to aspire to such greatness (no sarcasm). You've earned the Anonymous Coward's badge for Summation Excellence. Wear it with pride.
Her? Whatever. Starbuck will always be a man in my mind
Until this debt is reversed can Visa leverage it?
Even at a paltry 5:1 they could buy THE WORLD.
Pourquoi?
Kudos to whoever figured that out. I am working on a project that sends dollar amounts for invoicing to PeopleSoft in flat files, and the format for all currency fields is exactly the one described: 16.4 digits, zero padded. So it seems perfectly plausible to me, not to mention very relevant. Hey maybe Visa uses PeopleSoft too... *shudder*
I wonder what would have happened if this was left on auto pay.
and why didn't the FDIC catch this ? it would make the financial institution pretty defunct if they authorized the transaction.
Oh, and it wasn't as simple as padding with spaces. Space is hex 20. Zero is hex 30. They should have been billed 30 quadrillion-something. More likely it was a bad conversion. Still reason to waterboard the testers.
You should try converting packed binary to some flavor of EBCDIC, not knowing in advance which particular version EBCDIC they meant.
deleting the extra space after periods so i can stay relevant, yeah.
What's really strange is they're using 64 bits to express a charge amount. How many people are charging manned missions to Mars or the military invasion of a superpower to their Visa? A 64 bit credit limit must be quite the status symbol.
Is that in normal or Verizon dollars? :p
Carbon based humanoid in training.
Think of the frequent flyer miles. First class to the moon and back on PanAm!
Stupid Customer -- Don't Complain...Return the Item for Credit !!!
could be a carton (12-pack), or perhaps he filled up with gas at the same time
FRACK! At the very LEAST your programmers should have been told (or, if they asked, been allowed) to put QA bounding-box fields on the statements. If a monthly charge font size to be printed is longer than the width of the statement imaginary box, eject the statement from the enveloping system, then punt it to a manager.
That isn't even close to how the financial organizations function. There is simply zero drive to pre-empt problems as there is no major authority breathing down their necks and auditing every single iteration of their customer-facing software processes in great detail.
Moreover, the customers are individuals or small businesses, meaning there is practically nothing to fear in the form of loss of business due to dissatisfied customer base or defamation. It's not like they have too many other choices.
Yet Socrates himself is particularly missed.
A lovely little thinker but a bugger when he's pissed.
Is the real bill lost forever? Will people get back billed? Is the store out the cash? Will some people end up on the bounced check list / have to pay store fee for not having the funds?
Yeah, but look around. This bug hit hundreds of people, and at least one of them manned up. Er, only she wasn't a man, totally fscking up my childish metaphor. Stoopid reality, damnit.
It's been on digg, boingboing, yaddayaddayadda... slashdot's a little late to the party here. Christ, the Beeb even covered this bug already.
I really doubt it was maliciously done to try and trick any of those 13000 customers into really paying it.
For a long time zero was represented as a space, so the coders aren't incorrect, just 800 years behind the times.
Compound interest is a bitch, though.
Add all those numbers up together, divide by 8, and flip the calculator upside down and it spells out "BOOBIES"... weird.
... food? I mean, don't you need to eat for you to create a need to use the other product?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
A humorous nugget from the article not mentioned in the summary. This was a prepaid Visa. Just makes it that much more ridiculous. Perhaps it was his choice of storing this amount of money on a secured credit card that had him sweating. He must have built a time machine and drained his grandchild's bank account. Of course in the future that was their monthly salary.
"The stupid neither forgive nor forget; the naive forgive and forget; the wise forgive but do not forget." -Thomas Szasz
Toilet paper is a terrible investment if this hyperinflationary future ever actually comes to pass—everyone's wallets will be packed with it already!
but have you considered the following argument: shut up.
Moreover, the customers are individuals or small businesses, meaning there is practically nothing to fear in the form of loss of business due to dissatisfied customer base or defamation. It's not like they have too many other choices.
You'd get my mod points for this statement alone, if I had any....
You can exist without a credit card, but having one does make things easier, especially when you travel. But if you slip up on the rules, cc issuers will nail you. Few businesses would ever stand for that kind of thing but without significant legal protection, the cc issuers can do anything they please.
Stupidity is raised to a new level at cc banks. Several years ago, I thought I had paid off a card, only to receive a statement with a .33 balance on it. It cost at that time, about .35 to mail the damn statement, and who knows how much the processing costs were, and they paid for the call on the toll free number I made to ask if they really thought I was going to write a check for that absurd amount. The CSR removed the charge, but wouldn't it have made more sense for their systems to NOT produce a statement and automatically delete the charge?
I don't like a lot of government regulation, but when an industry is as stupid as the cc industry, clearly they need a lot of oversight.
== First cross river, then insult alligator.
This is another reason why the C and C++ languages should be reserved for a few, high profile uses such as making compilers. These languages should not be used for any general purpose language other than ones like C and C++ that allow you to royally shoot yourself in the foot with bad pointer arithmetic. What a doozy of an error all thanks to the "freedom" given the developer in the language. Surely, C and C++ are among the most powerful options available--but only for select applications. Do you drive a Formula One race car through Midtown Manhattan? I don't think so. You restrict them to racetracks. Thus too with C & C++.
Does the purchase qualify for sales tax? The Govt would like to pay off the national debt.
Sounds like the kind of error you could make in C#.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
It is rather funny (and sad) that so much of the IT industry is still awash in problems that were observed, and solutions published for, with UNIX years ago. I've read at least three UNIX books that address this issue, among others. And yet the majority of IT industry (and even many "CS" programs) act like there just is not any solution to these problems, when I learned of them in undergraduate level courses.
"This is the Unix philosophy: Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface." - Doug McIlroy
"Those who don't understand UNIX are condemned to reinvent it, poorly." - Henry Spencer
I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
In a statement, Visa said the rogue charges affected "fewer than 13,000 prepaid transactions"
Wow. Does that statement even need comment?
Property is theft.
It makes sense until people find out they'll forgive small amounts.
Then you wouldn't believe the number of people who would pay off all but $0.50 just because they can.
The preferred solution is to not have a problem.
I was once told by the head of operations of a large credit card company that when a (different) credit card screwed him, he got revenge by overpaying by $0.50. They have to keep track of that, send you statements, and eventually cut you a check. It'd probably cost them about $50.00, as long as you quit making purchases with that card.
The biggest screwing I got was from Citibank Visa. We paid, but they claimed we didn't and charged us late fees and interest. Visa said we had to deal with Citibank, and Citibank said we had to deal with Visa. After back and forth several times, we got advice from someone in the business to get a copy of our processed check and what to look for. It turns out, Citibank had routed the check back to itself, rather than to our bank. We didn't have a Citibank checking account, so it was returned as insufficient funds. Citibank still tried to say it was our fault and wanted us to pay the late fees. I'll never use them again.
Shouldn't have checked his email from Mexico.
... we now have a solution to the growing national debt.
What about the inverse? You deposit 20 20 15 50 ($538,972,752), it adds a space and gives you much more? Quick, before your local city datacenter gets updated!
If there were space padding in the field, would not every transaction suffer? Why only a couple of transactions?
Since our national debt has just hit 1 trillion dollars, we in the United States of America will be second to him in debt.
I'm very surprised that the credit card company, bank or anybody else didn't have any alarm bells (more air raid sirens in this case) when this went through. Also I thought there would be a limit on what anyone could charge, not only the credit card, bank or even this case, the nation could get.
This shows there is something wrong with the financial system and that is the understatement of the century.
All the transaction errors that weren't so obvious, and where the card owner ended up paying it, because he could not afford defending himself.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
An honest question: What's the point of this padding again? Especially more than 128 bit padding or similar things.
Is it because C is unable to do simple things like be flexible in its data structures? ^^
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Still reason to waterboard the testers.
Yeah, because that works so well too.. uh... remind me what it was that was supposed to accomplish again?
Blasphemy is a human right. Blasphemophobia kills.
But just think of the airline miles!
Advice: on VPS providers
Hey, what about us assembler programmers?
Anyone have the screenshot ? *checking dailywtf*
I am going to quit when a pack of smokes costs 24 quadrillion.
I used to work in the industry, the parent post takes me back. The rambling sentences, the mild hysteria, the whiff of over-caffeination... that is credit transaction processing, never a good night's sleep.
I wonder what a charge of $18,446,744,073,709,551,617.00 would do... $1 charge? (0xFFFFFFFFFFFFFFFF + 2)
Or maybe $9,223,372,036,854,775,809.00? Would that result in a $1 credit? (signed int?)
... and asked for an explanation.
"What happens in Vegas, stays in Vegas."
Have gnu, will travel.
from here [act 1, part way through].
You made a bad purchase. Now, do the right thing, and pay what you owe.
You screwed yourself if you actually paid them. The first step you should have taken is to file a fraud report with your state's attorney general consumer protection agency (it's free, you can do it over the internet). The credit card companies may feel like they can give you, the consumer, a load of shit but that changes quickly once you get the state involved.
Alternatively, if you're an asshole like me, you can max out your unsecured credit limits and then immediately file for bankruptcy. It's essentially free since you are using their money to pay for it. And you don't need to worry about your credit score taking a hit since creditors aren't extending credit to anyone anyway. I actually ended up with a better credit score after doing this.
I had something similar ring up when paying with credit card. However the guy canceled the transaction right away. It seemed the machine took my credit card number and used that as a charge, explains 16 digits. Hope that was not his credit card number... ooops?
I agree with the parent. I too do a good deal of database stuff where I work and I've come up with a little mantra.
If 99% of the query results make no sense, it's the query language that's the problem. If 1% of the query results make no sense, it's the input.
It doesn't matter if the input was done directly by a person or if the input was from a digital file. At some point, the information was ultimately entered by a person... garbage in, garbage out so they say. This goes for code and for data.
We have a staff member that simply ignores data requirements. Colon? Semicolon? Same thing and it takes to long to hit the shift key...
No wonder we have to scrub only her input. The devil is in the details and when dealing with a database, the smallest things can cause interesting problems.
I loathe the day when she (a smart and curious person) decides to start learning sql. She is the kind of person that would learn about sql just enough to learn how to do an sql injection that executes drop table * just so she doesn't have to do the data entry.
A major part of her job is data entry by the way.
What does she care? She gets to go home early and someone else has to stay late right?
I'm glad I'm not dealing with data as important as the parent's. I probably would have killed her by now.... just so customers affected by the work she does at her next job don't have to suffer.
Yes, I know it shouldn't be possible... the data should be validated before it's uploaded into the database. However, when you run the backend database and the front end the users see is not under your control, you have a much harder time of it when the html coders are more interested in look and feel than function. "Oh that will never happen and it will be a lot of work."
Nope, it IS happening and rather than address the problem, you merely passed the work down the line. These developers that know nothing of sql other than how to write an ODBC connection string and call a pre-written query should also be shot. Why the hell are you writing code that touches a database without understanding what your code can do to the database? Sure, you don't have to be able to do my job, but you should understand enough about it to intermingle without problems AND should listen to the person who fixes the problems you can't fix when they say something. Your right to code your website the way you want ends THE MOMENT you query my database.
People just don't get that 1 is NOT 'close enough' to 0 when it comes to computers.... there simply is no 'close enough' - there is only correct and everything else.
I don't blame people for making mistakes - we're human beings and to err is human. Then again, when it's repeated or malicious or just plain incompetent, well, if I have to break a date with a girl I like (who knew anyone would get away with that on slashdot?), I'm certainly NOT divine in my reaction. Next target is management that keeps people like this on staff to avoid paying un-employment or is not qualified to understand the nuance of their decision to not enforce standards in data entry or downline sanitation because 'It's not important - my web guys told me so.'
It doesn't matter if you understand why or why not a certain action could be a problem. If you pay an expert to tell you these things, you listen to them... otherwise, why did you hire the expert with knowledge you don't have in the first place?
Do you second guess your doctor when they tell you that the new must have medicine you saw on TV would kill you? Of course not, you never asked your doctor did you? The doctor is just supposed to give you a different pill to make it all better right?
See how little sense that makes? Of course not - the first pill killed you and now you see nothing.
You brought up a good point. Since this is a debit card, how is his bank account not getting frozen because he has TWO transactions exceeding $5000.00, and not getting frozen for 7-30 days by procedure to prevent money laundering...
A bank did that to me while I was still in school when the financial aid finally came in. Took them over a week after I went to the branch to have them unfrozen. This is why I hold my main checking account with a credit union to this day, even though I have accounts with other major banks.
I work in this industry. The only novelty here is that the error got into production, and was not caught and corrected before it went that far.
That explains why there are so many software testers currently looking for work. The CC industry doesn't use as many of them, anymore.
Some submitters do, from time to time, change their code, and sometimes they get it wrong. For instance padding a field with spaces instead of zeros. Woopsie...!
You're still using legacy zero padding? You should be doing things in XML.
Seems that's what happened here. Sounds like a hex or dec field got padded with hex 20, and boom.
Not quite. If it were padded with space characters, you get 0x20 in each byte (and that's just what this number had in the first 6 of 8 bytes). If it were padded with zero characters, you would get 34,723,282,962,276,803.04 or so.
The REAL problem here is that the code was interpreting 64 bits as internal binary integer, when the data that arrived was at least 6 ASCII space characters. In other words, the data was in an old legacy format with space padding (which is easily handled by decimal conversion code along with zero padding), but the code expected a raw 64 bit integer, perhaps in the big-endian byte order.
This is annoying, especially when the processor gets to help correct the overwhelming number of errors, and then tries to explain that it wasn't their fault. Plenty of blame to go around with this one.
It was clearly someone's fault. Possibly a programmer not applying the proper field conversion? Perhaps the code was intended to do field conversion in place (replace the memory that has ASCII digit characters with the binary representation) and the conversion bailed out for some reason and the calling code didn't properly detect that (hint: in today's dollar amounts, the highest order byte of 64 bit integers should be zero).
Even if a programmer is to blame, management is not blameless. And maybe it's not even a programmer to blame. Ultimately, the real blame does lie with management who should have seen to it that errors never happen. Of course, errors do happen and while the blame may be correct, it's really cheaper to apply 99.999% perfection instead of 100% perfection. It's not that serious a blame ... at least as long as problems get corrected.
And then explains why they don't both validate/sanitize input, and test for at least some reasonable maximum value in the transaction amount. A max amount of $10,000,000 would have fixed this. That and an obvious lapse in testing. This is what keeps my bosses awake sometimes, fearing they will end up on the front page of the fishwrap looking stupid 'cause their overworked minions screwed something up, or didn't check, or didn't test very well. I love one of the guys we have testing. He's insufferable, and he catches genuine show-stoppers on a regular basis. They can't pay him what he's been worth, literally $millions, just in avoiding downtime and re-working code that went too far down the wrong path.
I don't know that $10,000,000 would be high enough. The kind of error this one is could be detected with a test against 2 to the 56th power. A lower test might catch other errors. And whatever tests are done, they should be in their own class, module, function, macro, or whatever, and separate from the mainline code. Two tests should be applied, one being conservatively high but fixed by the coders (e.g. the 2 to the 56th power test) and the other being configurable for code used by multiple processors (they can choose their own closer to the edge sanity check).
Believe me, this is in some ways preferable to getting files with one byte wrong that doesn't show up for a month, or sending the wrong data format (hex instead of packed binary or EBCDIC, for instance) and crashing the process completely. Plea
now we need to go OSS in diesel cars
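The failure mode and the two-tier sanity check discussed in the comment above, as an added example that is not part of the original thread. It assumes an 8-byte big-endian amount field holding cents; the function names are hypothetical and the sample fields are constructed from the byte values quoted in the story. The $10,000,000 configurable ceiling is the figure suggested in the thread.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample fields. Assumed layout: 8-byte big-endian amount in cents. */
static const unsigned char FIELD_SPACE_PADDED[8] =
    {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x12, 0x50};
static const unsigned char FIELD_ZERO_PADDED[8] =
    {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x50};

/* Fixed ceiling compiled into the code: a non-zero top byte is never valid. */
#define HARD_LIMIT_CENTS (UINT64_C(1) << 56)

enum amount_status {
    AMOUNT_OK = 0,
    AMOUNT_OVER_HARD_LIMIT,      /* >= 2^56 cents: almost certainly corrupt */
    AMOUNT_OVER_CONFIGURED_LIMIT /* above the processor's own ceiling */
};

/* Decode 8 bytes as a big-endian unsigned integer, whatever the host order. */
uint64_t decode_amount_be(const unsigned char field[8])
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | field[i];
    return v;
}

/* Number of leading 0x20 bytes; useful in a rejection log to name the cause. */
int leading_space_bytes(const unsigned char field[8])
{
    int n = 0;
    while (n < 8 && field[n] == 0x20)
        n++;
    return n;
}

/* Range checks kept apart from the decoding logic, hard limit first. */
enum amount_status check_amount(uint64_t cents, uint64_t configured_max_cents)
{
    if (cents >= HARD_LIMIT_CENTS)
        return AMOUNT_OVER_HARD_LIMIT;
    if (cents > configured_max_cents)
        return AMOUNT_OVER_CONFIGURED_LIMIT;
    return AMOUNT_OK;
}

int main(void)
{
    const uint64_t configured_max = UINT64_C(1000000000); /* $10,000,000.00 */
    const unsigned char *samples[] = {FIELD_ZERO_PADDED, FIELD_SPACE_PADDED};

    for (int i = 0; i < 2; i++) {
        uint64_t cents = decode_amount_be(samples[i]);
        printf("cents=%" PRIu64 " leading_spaces=%d status=%d\n", cents,
               leading_space_bytes(samples[i]),
               (int)check_amount(cents, configured_max));
    }
    return 0;
}
```

The zero-padded field decodes to 4688 cents ($46.88) and passes; the space-padded field decodes to the amount in the headline and is stopped by the hard limit before the configurable one is consulted.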
I would not be so sure of that. They post a screen shot in the story.
The 12 50 comes out to 46.88, which while a bit steep could easily be the bill on filling up a fairly large gas tank, or buying 2 cartons of cigarettes. Or buying a carton of cigarettes and filling up a small tank.
Interestingly, at least one other story on this issue also happened to use the same value. Perhaps this bug was specific to the dollar amount 46.88 in some way.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
For instance padding a field with spaces instead of zeros. Woopsie...!
You go girl
This is hilarious; there's actually more Emoney than there is real money. Think about that - stored electric impulses which amount to something of transactionable value. The system is now so flawed that it's off its freakin' rocker!
Yikes.
I think from now on we have to carry with us a hex calculator and make all the calculations in hexadecimal... :)
(Would like a 0xCAFEBABE?)
Until the skies turn blue...
Until the air of freedom strikes us...
This seems a common COBOL error I've seen numerous times: Define an alphanumeric field, redefine it as a numeric field, and don't bother checking your input for "performance reasons" (or just plain stupid/lazy programming). Read the alphanumeric fields from a DB or a flat file, where everything is nicely padded with spaces, and use the redefined numeric field for your accounting. Errors like this can occur easily by novice COBOL programmers, or by too lax compilers (the compiler at the developer's firm is configured to quietly convert these spaces to zeros in such cases, while the mainframe compiler at the client is not).
int main(void) {while(1) fork(); return 0;}
At least he'll never have to pay for a flight again. I wonder how many airmiles he has now. Trip to the moon anyone?
Why should a C programmer know what ASCII is in hex? Am I missing something or are you doing web pages instead of system programming in C?
Please, I know data should never IPL a system.
Could you expand that abbreviation? I don't recognize it and none of the definitions that Google offers up make that much sense. (How do you "Indian Premier League" a system anyway?)
"Little does he know, but there is no 'I' in 'Idiot'!"
Doctor Evil is extorting people again.
It looks like someone filled in data element 4 of an ISO-8583 request as type an12 instead of n12.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
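A validation sketch for the numeric-versus-alphanumeric mix-up described in the comment above, as an added example that is not part of the original thread. It assumes a 12-byte ASCII amount field in cents; both function names are hypothetical, and the space-tolerant variant reflects the legacy space padding mentioned elsewhere in the thread rather than any specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AMOUNT_LEN 12 /* assumed fixed width of the ASCII amount field */

/* Strict numeric parse: all 12 bytes must be ASCII digits.
 * Returns the amount in cents, or -1 if the field is not purely numeric. */
int64_t parse_n12(const char *field)
{
    int64_t v = 0;
    for (size_t i = 0; i < AMOUNT_LEN; i++) {
        unsigned char c = (unsigned char)field[i];
        if (c < '0' || c > '9')
            return -1;
        v = v * 10 + (c - '0');
    }
    return v;
}

/* Legacy-tolerant parse: leading spaces are accepted as padding, but at
 * least one digit must follow and nothing else may appear after it. */
int64_t parse_n12_space_padded(const char *field)
{
    size_t i = 0;
    int64_t v = 0;

    while (i < AMOUNT_LEN && field[i] == ' ')
        i++;
    if (i == AMOUNT_LEN)
        return -1; /* all spaces: no amount present */
    for (; i < AMOUNT_LEN; i++) {
        unsigned char c = (unsigned char)field[i];
        if (c < '0' || c > '9')
            return -1; /* embedded or trailing space, sign, letter */
        v = v * 10 + (c - '0');
    }
    return v;
}

int main(void)
{
    /* Constructed sample fields, each exactly 12 characters wide. */
    const char *samples[] = {"000000004688", "        4688",
                             "4688        ", "            "};

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("[%s] strict=%lld tolerant=%lld\n", samples[i],
               (long long)parse_n12(samples[i]),
               (long long)parse_n12_space_padded(samples[i]));
    return 0;
}
```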
Padding is used in fixed-length fields.
There. Was that so hard?
Oh yeah, it is. Let me finish this.
'Our' submission files use combinations of fixed-length and variable-length fields. Fixed-length is easy, but variable-length is usually designated by a check byte that tells you what sort of data follows. Our submission file can overall be submitted as either fixed-length or variable length. Yes, the terms are mixed in the specification.
Why?
Well, among other things, many submission files include data intended for disparate systems. Some of these systems are new and purpose-built, and the data format is fairly efficient, but some systems are ancient and were never intended to do what they do today. It happens.
Some systems talk EBCDIC, some can't tolerate decimal, others are sensitive to input data. One can't pass anything above dec 0x127. One has to accept a binary blob. Yep, we have to parse that stuff out and make sure it goes to the right system. Input validation is a bear.
I'm amused at this problem, as allowing that much field width for transaction amounts is pretty bad design. It is supremely unlikely to see a $10,000,000 charge for your typical cardholder. Even for your commercial cardholder. Just an unfortunate example of bad execution. Here, fixed-width is your friend.
And yes, an XML file would be magnificent. How would we improve things when most of our systems cannot parse XML? No, doing that much parsing in a separate system is not worth the cycles, and interpreting data is left to the actual receiving system. And while XML is extensible, you don't want that in a submission file. It is supposed to conform to the specification.
As an analogy, you don't answer your teen-age daughter's phone calls and then scream the conversation to her and scream her responses back to the caller. When you realize the call (data field) is for her (other system) you just hand the phone (data) to her. Let her deal with it. If she has a question for you, like how much money can she have to buy something, you deal with that.
XML is not the solution. Neither is putting everything on one system. Those of you in the card business know why fraud stays off to the side. Like integrating anti-virus into Windows for instance. Once some processes are integrated into others, it becomes *one* process. Checks and balances disappear. Chaos reigns.
deleting the extra space after periods so i can stay relevant, yeah.
It gives a new meaning to the common $Hex notation, like $FF :-)
Trust me, in another 10 years you'll be wondering how people lived without 128 bit credit limits.
"If you owe $100,000 to the bank, the bank owns you, but if you owe 23 quadrillion to the bank, you own the bank"?
Quite correct. So smoke if ya' got em'. It's for the children...
"Democracy." It's just a slogan.
Like? "cat -n" or "nl"? make? Awk? Perl? bash/zsh? Which mythical version of unix is this which has programs which only do one thing, but do it well?
ustr: Managed string API with ave. 44% overhead over strdup(), for 0-20B
I'm afraid you're wrong, sir or madam.
I am one of the victims of this programming error, and I can tell you that several thousand VISA debit transactions were miscoded with the same amount: $23,148,855,308,184,500.00.
I was not smart enough to look at my card number before I sent it off to Consumerist so that VISA could be made fun of. Happily, the string does not contain my (or apparently anybody's) credit (or debit) card number.
Never attribute to malice that which can be explained by mere idiocy.
Fortunately for Visa none of the affected customers will be suing, as they all died of heart attacks upon opening their credit card statements.
Visa doesn't do hex, and they certainly wouldn't convert spaces to binary. Most of the credit card import systems use formatted flat files. The problem is more likely an alignment issue and the credit card number itself was 4231 4885 5308 1845.
It looks to me like someone forgot to ltrim the value they had stored. I get why they used a varchar to store the data. I think most programmers here do. What I don't get is why they would assume a number coming from a varchar would not have leading spaces or trailing spaces for that matter.
Only 'flamers' flame!
Does slashdot hate my posts?
> Recently several Visa card holders were, um, overcharged for certain
> purchases, to the tune of $23,148,855,308,184,500.00 on a single charge
$23 quadrillion and change, eh?
"When the customers called the 800 help number, they were directed to "just pay it for now" and eventually they'd be credited with the amount. When one pointed out this was roughly a thousand times the cost of everything on Earth, they were transferred to the installments department."
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
well i don't really care how it happened, I'm just pissed that it did and I had no money for 2 days. I was unable to pick up medication that I needed, I couldn't drive over a couple miles because I couldn't put gas in my car. I'm glad this screw up had little effect on their life, other than a little extra work, because I was left to suffer in pain until this got figured out.
Initial Program Load
http://www.webopedia.com/TERM/I/IPL.html
we have a submitter who simply ignores grammatical requirements. "to" "too"? Same thing, and it takes too long to hit "o" twice.
NO ONE in major financial institutions uses XML for anything important. It's slow. It's redundant. And very importantly: It's not at all suited for stream-based processing.
Try setting up a "standard" XML parser to read "standard" XML which is of unknown length and routinely reaches 5mBps for three years. That is not something XML is designed for. Not only is it impossible to process sanely; but, even if it were: there's absolutely no way the features of XML would be remotely useful to anyone for that kind of data.
Using XML for simple data (like updates to airport descriptions) is fine. XML for anything serious and long-running tends to be a horrible idea.
Now, you could run a non-standard subset of XML and process it through a not-at-all-standard home-grown parser, but that is NOT XML.
As a special bonus: XML is also more than a little flaky about whitespace, and has zero (nada, none, nothing, NO) support for the one thing which would help in this situation: format constraints on a particular field. XML does not specify, and has no way of specifying, the difference or equality between "000008", " 8", "8", " 8 ", etc. XML is useless in this situation.
ok i figured i would comment a little about gold since it was brought up. Yes paper currency used to actually equate to an amount of gold in a vault somewhere until we went ape shit with printing money. Gold is still one of the best investments, it is pretty safe and the increase in value over the next 10 years will just be simply retarded, silver is really good too cause it is an easier investment for rookies that are just getting started in metals. my brother in law has about 10k in silver in his possession at home, i must say holding a bar of silver feels fucking awesome lol. gold even better but its so much more expensive. Historically gold prices have gone up and down. most fluctuations have really only happened since the late 70's. in 1998 an ounce of chronic was worth its weight in gold about 300 bucks. 10 years later it was about 880 bucks if you had purchased enough in 98 that would have been some good profit. the lowest it dropped after 1998 was 2001@ 271 but it jumped to 309 in 2002. Also keep in mind that although gold is a precious metal used for large currency transfer and trading, it also has a use, it rocks in electronics, it conducts pretty fucking fantastic, I think we all know electronics are not going anywhere until at least 12/21/12. the rocketing in price was not random, the computer industry really got going when?? its only going to go up in value... Please keep this in mind. yearly averages of gold prices have been kept since 1793. http://goldinfo.net/yearly.html the value between 1890 and 1932 did not change from 20.67 an ounce, talk about a long term investment