Software Glitch Leads To $23,148,855,308,184,500 Visa Charges

Hmmm2000 writes "Recently several Visa card holders were, um, overcharged for certain purchases, to the tune of $23,148,855,308,184,500.00 on a single charge. The company says it was due to a programming error, and that the problem has been corrected. What is interesting is that the amount charged actually reveals the type of programming error that caused the problem. 23,148,855,308,184,500.00 * 100 (I'm guessing this is how the number is actually stored) is 2314885530818450000. Convert 2314885530818450000 to hexadecimal, and you end up with 20 20 20 20 20 20 12 50. Most C/C++ programmers see the error now ... hex 20 is a space. So spaces were stuffed into a field where binary zero should have been."

Re:What is truly appalling...

No, it wasn't just the output. People were charged overlimit fees in addition to the erroneous amount.

Nothing to see here, keep moving along please...

[rickb928]

I work in this industry. The only novelty here is that the error got into production, and was not caught and corrected before it went that far.

Submitters send files to processors which are supposed to be formatted according to specifications.

Note I wrote 'supposed to be'.

Some submitters do, from time to time, change their code, and sometimes they get it wrong. For instance padding a field with spaces instead of zeros. Woopsie...!

Seems that's what happened here. Sounds like a hex or dec field got padded with hex 20, and boom.

This is annoying, especially when the processor gets to help correct the overwhelming number of errors, and then tries to explain that it wasn't their fault. Plenty of blame to go around with this one.

And then explains why they don't both validate/sanitize input, and test for at least some reasonable maximum value in the transaction amount. A max amount of $10,000,000 would have fixed this. That and an obvious lapse in testing. This is what keeps my bosses awake sometimes, fearing they will end up on the front page of the fishwrap looking stupid 'cause their overworked minions screwed something up, or didn't check, or didn't test very well. I love one of the guys we have testing. He's insufferable, and he catches genuine show-stoppers on a regular basis. They can't pay him what he's been worth, literally $millions, just in avoiding downtime and re-working code that went too far down the wrong path.

Believe me, this is in some ways preferable to getting files with one byte wrong that doesn't show up for a month, or sending the wrong data format (hex instead of packed binary or EBCDIC, for instance) and crashing the process completely. Please, I know data should never IPL a system. Tell it to the architects, please. As if they don't know now, after the one crash...

If you knew what I know, you'd chuckle and share this story with some of your buddies in development and certification.

And pray a little.

At least it didn't overbill the cardholders by $.08/transaction. That would suck. This is easy by comparison. Just fix the report data. Piece of cake. Evening's worth of coding and slam it out in off-peak time. Hahahahaha!

I'm afraid you're wrong, sir

[HawkinsD]

I'm afraid you're wrong, sir or madam.

I am one of the victims of this programming error, and I can tell you that several thousand VISA debit transactions were miscoded with the same amount: $23,148,855,308,184,500.00.

I was not smart enough to look at my card number before I sent it off to Consumerist so that VISA could be made fun of. Happily, the string does not contain my (or apparently anybody's) credit (or debit) card number.