Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bug The Almighty Buck

Software Glitch Leads To $23,148,855,308,184,500 Visa Charges 544

Hmmm2000 writes "Recently several Visa card holders were, um, overcharged for certain purchases, to the tune of $23,148,855,308,184,500.00 on a single charge. The company says it was due to a programming error, and that the problem has been corrected. What is interesting is that the amount charged actually reveals the type of programming error that caused the problem. 23,148,855,308,184,500.00 * 100 (I'm guessing this is how the number is actually stored) is 2314885530818450000. Convert 2314885530818450000 to hexadecimal, and you end up with 20 20 20 20 20 20 12 50. Most C/C++ programmers see the error now ... hex 20 is a space. So spaces were stuffed into a field where binary zero should have been."
This discussion has been archived. No new comments can be posted.

Software Glitch Leads To $23,148,855,308,184,500 Visa Charges

Comments Filter:
  • Hey (Score:5, Funny)

    by sonicmerlin ( 1505111 ) on Wednesday July 15, 2009 @04:10PM (#28708321)
    Interesting? You're assuming we're all computer geeks. Wait a minute...
  • meh (Score:5, Funny)

    by gEvil (beta) ( 945888 ) on Wednesday July 15, 2009 @04:11PM (#28708337)
    Meh. What's 23 quadrillion dollars really worth these days?
    • Re:meh (Score:5, Funny)

      by Anubis IV ( 1279820 ) on Wednesday July 15, 2009 @04:12PM (#28708365)
      Not much to us, but think of the children. They'll be paying it off for decades!
      • Re:meh (Score:5, Interesting)

        by Darkness404 ( 1287218 ) on Wednesday July 15, 2009 @04:26PM (#28708539)
        Just hyper-inflate the dollar enough and you could spend 23 quadrillion on a bag of chips. Just look at Zimbabwe ( http://en.wikipedia.org/wiki/Hyperinflation_in_Zimbabwe [wikipedia.org] ) from the article "On January 16, 2009, Zimbabwe announced plans for imminent issue of banknotes of $10 trillion, $20 trillion, $50 trillion, and $100 trillion". So actually, its possible that the dollar could somehow inflate that high so 23 quadrillion isn't that much.
        • Re:meh (Score:5, Insightful)

          by jameskojiro ( 705701 ) on Wednesday July 15, 2009 @04:44PM (#28708763) Journal

          Yeah, of course what happened after that was people started having to resort to bartering for goods using small amounts of Gold, Kinda like what they did TWO-Thousand years ago. So you take an economy and you screw it up so badly that you have to reset it back to the pre-roman levels of commerce.
          .
          And people laugh at other people for collecting and buying gold.

          • Re:meh (Score:5, Insightful)

            by nizo ( 81281 ) * on Wednesday July 15, 2009 @04:52PM (#28708861) Homepage Journal

            The thing is if the economy tanks that badly, gold probably won't be worth much either. Which is why buying large boxes of ammo, cigarettes, and toilet paper is the way to go!

            • Re:meh (Score:5, Funny)

              by owlstead ( 636356 ) on Wednesday July 15, 2009 @05:11PM (#28709183)
              Yep, I've already got a stack of thousands rolls of toilet paper stacked up here, just in case.
            • Re:meh (Score:4, Insightful)

              by Anonymous Coward on Wednesday July 15, 2009 @05:17PM (#28709255)

              No, you're wrong.

              Gold will just get ridiculously expensive - think $2000/oz or as much as $10000/oz - double its current price.

              Just give it 5-10 years, you'll see.

            • Re:meh (Score:5, Funny)

              by BryanL ( 93656 ) <lowtherbf@gmailGAUSS.com minus math_god> on Wednesday July 15, 2009 @07:15PM (#28710613)

              If inflation gets that bad, your currency *is* your toilet paper.

        • Re: (Score:3, Informative)

          by Dachannien ( 617929 )

          On January 16, 2009, Zimbabwe announced plans for imminent issue of banknotes of $10 trillion, $20 trillion, $50 trillion, and $100 trillion

          Believe it or not, that was after Zimbabwe had lopped off a bunch of zeros from their currency the previous year.... twice. And then they did it a third time [cnn.com] a month after they printed their first $100 trillion notes.

          • Re:meh (Score:4, Interesting)

            by Dogtanian ( 588974 ) on Wednesday July 15, 2009 @06:07PM (#28709869) Homepage

            Believe it or not, that was after Zimbabwe had lopped off a bunch of zeros from their currency the previous year.... twice. And then they did it a third time a month after they printed their first $100 trillion notes.

            I was going to say something similar:-

            On July 30, 2008, the Governor of the RBZ, Gideon Gono announced that the Zimbabwe dollar would be redenominated by removing 10 zeroes, with effect from August 1, 2008. ZWD10billion will become 1 dollar after the redenomination.

            Then

            [*After* the above revaluing] On 12 January 2009, Zimbabwe introduced the $50,000,000,000 note.

            So you can multiply $50 billion by $10 billion (per new dollar) to get what it would have been if they hadn't done that sleight of hand; $500 billion billion.

            Or let's put that another way (50 * 10^9) * (10 * 10^9) = 500 * 10^18 =

            500 exadollars, or 5,000,000,000,000,000,000 dollars.

            If 1,000,000 US dollars in 100 dollar bills weighs 10kg [answers.com], then assuming Zimbabwean 100 dollars had similar weight, the unrevalued currency would weigh:-

            $5*(10^18) / ($100,000 per kilogram) = 5*(10^13) kilograms = 5*(10^10) metric tonnes....

            i.e. 50 billion tonnes!!!

            • Re:meh (Score:5, Insightful)

              by jra ( 5600 ) on Wednesday July 15, 2009 @09:32PM (#28711741)

              *My* question, though, is this:

              Why do Visa's systems have the bandwitdh to *allow* 23 quadrillion dollars to make it to a credit card bill.

              Is there anyone, at all, anywhere, who's gonna carry a balance of even a megabuck?

              6.2, really. That's all they needed.

              • Re: (Score:3, Insightful)

                by Dr. Hok ( 702268 )

                *My* question, though, is this:

                Why do Visa's systems have the bandwitdh to *allow* 23 quadrillion dollars to make it to a credit card bill.

                Is there anyone, at all, anywhere, who's gonna carry a balance of even a megabuck?

                6.2, really. That's all they needed.

                Full ack, 6.2 digits will be enough for all purposes eternally.

                Just like no computer will ever need more than 64k RAM, and 32 bits will always be enough for time_t.

      • Re: (Score:3, Funny)

        by SkyDude ( 919251 )
        Do I just pay the minimum?
  • by sheepweevil ( 1036936 ) on Wednesday July 15, 2009 @04:12PM (#28708361) Homepage
    In EBCDIC, hex 40 is a space. Making this error if EBCDIC was used would make the charge a whopping $4,629,771,061,636,895,312 - 4 quintillion dollars!
  • So now the interest charges for the month based on average daily balance will be quit a lot.
  • While all this is plausible, of course, the 12 is octal for a UNIX newline and the 50 is the '@' symbol; let us not forget that there are a lot of assumptions being made here and a lot of speculation.
    • Re: (Score:3, Informative)

      by idontgno ( 624372 )
      Yeah, but the data definition conundrum "space fill or zero fill" is pretty persuasive in this case. Or at least a damn interesting coincidence.
    • Re: (Score:3, Insightful)

      by ajs ( 35943 )

      Yeah, to make the jump from hexidecimal representation for a number to ascii is rather a long-shot.

      Here's another:

      Represented as 2-nibble-per-byte packed BCD (Binary Coded Decimal), this is the exact correct number of digits for a Visa card number. What you could well be looking at is a pre-initialized dummy card number overlayed with a price (stored in the last two bytes). If so, the expected value of the original default would be:

      20 20 20 20 20 20 20 24

      That is, a card number that stores 2 in every odd po

      • by Pallidrone ( 1423085 ) on Wednesday July 15, 2009 @11:15PM (#28712385)
        Actually it looks even simpler then that. It looks like $2.31 was his amount and the rest was his CC number, since the 4885 is a typical Visa Check Card sequence issued by BofA. I wonder if this guy was smart enough to look at his card number and verify that was not the case here, especially before putting it out to the press.
        • by HawkinsD ( 267367 ) on Thursday July 16, 2009 @09:41AM (#28716657)

          I'm afraid you're wrong, sir or madam.

          I am one of the victims of this programming error, and I can tell you that several thousand VISA debit transactions were miscoded with the same amount: $23,148,855,308,184,500.00.

          I was not smart enough to look at my card number before I sent it off to Consumerist [consumerist.com] so that VISA could be made fun of. Happily, the string does not contain my (or apparently anybody's) credit (or debit) card number.

  • Minimum (Score:5, Funny)

    by Selfbain ( 624722 ) on Wednesday July 15, 2009 @04:15PM (#28708391)
    So what was the minimum payment on that?
  • by ArsonSmith ( 13997 ) on Wednesday July 15, 2009 @04:15PM (#28708401) Journal

    This is how Obama is paying for health care.

  • by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Wednesday July 15, 2009 @04:17PM (#28708417)

    Isn't that about the cost of a couple of packs of smokes and a bag of chips at one of those gas station stores? If he filled up the truck, too...well, that would just about account for it.

    Dude should shut up and pay what he owes.

  • So they weren't getting multiply charged by a site that claimed to only charge once, and only if you cancelled after the trial period, even though you can cancelled before the end of the trial period. Just spaces huh, who would have though?

    Yes I am ashamed I signed up innocently, now realising torrents are far safer.

  • by Xoltri ( 1052470 ) on Wednesday July 15, 2009 @04:20PM (#28708467)

    He also felt a stab of fear that he had saddled all his unborn grandchildren -- and their grandchildren -- with a lifetime of debt. "Down the generational line, nobody would have any money."

    Give me a break.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      anyone who sees a 23 quadrillion dollar charge on their visa bill and thinks that should not be allowed to have children.

      Stupidity is evil!

  • by John Hasler ( 414242 ) on Wednesday July 15, 2009 @04:22PM (#28708485) Homepage

    ...is that this was not caught by validity checks. Was this perhaps an error that affected only the printing of the statement?

    • by Anonymous Coward on Wednesday July 15, 2009 @04:38PM (#28708683)

      No, it wasn't just the output. People were charged overlimit fees in addition to the erroneous amount.

    • Re: (Score:3, Insightful)

      by jrumney ( 197329 )

      ...is that this was not caught by validity checks

      My thoughts exactly. Why is it that when I try and legitimately spend a largish amount (anything into 4 figures basically), the credit card company immediately phones me to check on it, and if I try to spend above my credit limit, they can block the purchase, but things like this are not caught?

      Something similar happened to my brother once - a $10 fee for a replacement card somehow became $12 million, automatically debited from his bank account. It took 3 day

  • The Sad Thing... (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Wednesday July 15, 2009 @04:25PM (#28708521) Journal
    Is not so much the error(stupid; but, if corrected, not ultimately a giant deal); but the response of the cardholder to the error:

    "The bank kept him on hold for two hours, during which time he contemplated the impossibly bleak financial future that might await him. He also felt a stab of fear that he had saddled all his unborn grandchildren -- and their grandchildren -- with a lifetime of debt. "Down the generational line, nobody would have any money."

    For fuck's sake, people, the credit card guys haven't actually bought a law concerning hereditary debt slavery yet, and this guy thinks that it is already on the books?

    Muszynski compared the giant debt reprieve to receiving "an amazing Monopoly card that says, 'Bank error in your favor.' "

    Pathetic. This guy is grateful that Visa condescended to fix their obvious mistake(this isn't some he said/she said billing dispute, this is someone who allegedly spent more than the world GDP at a gas station)? What is this cringing bullshit? Either this guy is just a sad sack or, rather worse, the "customer service" we get, along with the kangaroo courts that are "mandatory binding arbitration" actually make thankfulness for not being screwed a reasonable response.
  • Still, isn't it funny how these kinds of "computer glitches" always seem to benefit the company, never the customer? Pretty interesting odds at play here.
    • by Itninja ( 937614 )
      Not true. I have personally gotten the better end of the deal at least twice. But no one wants to stand up and say 'I bought a new stereo and was charged -$250 dollars!'. There have also been numerous published accounts of gas stations mistakenly charging hundreds of people $0.25/gal for gas (instead of $2.50).
  • by IGnatius T Foobar ( 4328 ) on Wednesday July 15, 2009 @04:25PM (#28708529) Homepage Journal
    "Do you owe $23 quadrillion or more on your credit cards? Well I'm about to tell you a secret that the credit card companies don't want you to know. You can settle your debt for pennies on the dollar and get out of debt fast!"
  • Been there (Score:5, Funny)

    by Anonymous Coward on Wednesday July 15, 2009 @04:26PM (#28708543)
    I must've put a decimal point in the wrong place or something. I always do that. I always mess up some mundane detail.
  • Maybe they ran it through the Zimbabwe exchange conversion by mistake.

  • Leave, now!
  • Will the IRS tax any party for this in any way tipped workers look out you may end up owning 15% of $23,148,855,308,184,500.00 of the bill even if this is a error yes the IRS is evil like that some times like that.

    Will people get back billed / end up on a baned list as visa seems to be whipping out the full charge is the real charge lost now?

    Will people get all there overdrafts taken off or just one even if they are not at error for all of them.

  • by tmosley ( 996283 ) on Wednesday July 15, 2009 @04:34PM (#28708635)
    If I were him, I would have applied for a bailout, then gave myself a nice hefty bonus before going bankrupt.

    It's the American Dream!
  • by Dahamma ( 304068 ) on Wednesday July 15, 2009 @04:43PM (#28708737)

    It's good to know their system is able to handle $23 quadrillion charges, now I just need to get them to raise my limit a bit.

  • by WebmasterNeal ( 1163683 ) on Wednesday July 15, 2009 @04:44PM (#28708755) Homepage
    Probably more offensive is that a glitch happened at all, large or small. It could have just as easily been $2.31 in which case he may have not noticed the overcharge and paid it. Charge several thousand people $2.31 too much and you can make an alright profit.
    • by dave562 ( 969951 ) on Wednesday July 15, 2009 @05:07PM (#28709117) Journal
      Things like this happen where I work with our AT&T bills all the time. We're on the smaller end of businesses and have a little over 200 lines. At least a couple of times a year we find a number on our bill that isn't one of our numbers. We contact AT&T, they act baffled, and then they credit us for the error. It's so common that they barely even ask any questions when we dispute the charge. I have to imagine that there are numerous other businesses out there in the same situation, but they aren't going through their bills and are subsiquently paying for services they aren't even using. AT&T even has some BS verbage on their statements that says charges not disputed within 60 days can't be disputed. So they can ream someone for years, and then if the company finds out, they can only recoup the last 60 days worth of over charges.
      • Re: (Score:3, Interesting)

        by Culture20 ( 968837 )
        You're probably being crammed [clarkhoward.com]
        It sucks because the phone companies legally make money off of other people's fraud this way, so they have negative incentive to check the identity of the crammers.
    • Re: (Score:3, Funny)

      by Frosty Piss ( 770223 )

      Charge several thousand people $2.31 too much and you can make an alright profit.

      Let's see... 2000 x $2.31 is, er, around $4620. Yes indeed, big mamou, yes indeed.

  • by rickb928 ( 945187 ) on Wednesday July 15, 2009 @04:47PM (#28708809) Homepage Journal

    I work in this industry. The only novelty here is that the error got into production, and was not caught and corrected before it went that far.

    Submitters send files to processors which are supposed to be formatted according to specifications.

    Note I wrote 'supposed to be'.

    Some submitters do, from time to time, change their code, and sometimes they get it wrong. For instance padding a field with spaces instead of zeros. Woopsie...!

    Seems that's what happened here. Sounds like a hex or dec field got padded with hex 20, and boom.

    This is annoying, especially when the processor gets to help correct the overwhelming number of errors, and then tries to explain that it wasn't their fault. Plenty of blame to go around with this one.

    And then explains why they don't both validate/sanitize input, and test for at least some reasonable maximum value in the transaction amount. A max amount of $10,000,000 would have fixed this. That and an obvious lapse in testing. This is what keeps my bosses awake sometimes, fearing they will end up on the front page of the fishwrap looking stupid 'cause their overworked minions screwed something up, or didn't check, or didn't test very well. I love one of the guys we have testing. He's insufferable, and he catches genuine show-stoppers on a regular basis. They can't pay him what he's been worth, literally $millions, just in avoiding downtime and re-working code that went too far down the wrong path.

    Believe me, this is in some ways preferable to getting files with one byte wrong that doesn't show up for a month, or sending the wrong data format (hex instead of packed binary or EBCDIC, for instance) and crashing the process completely. Please, I know data should never IPL a system. Tell it to the architects, please. As if they don't know now, after the one crash...

    If you knew what I know, you'd chuckle and share this story with some of your buddies in development and certification.

    And pray a little.

    At least it didn't overbill the cardholders by $.08/transaction. That would suck. This is easy by comparison. Just fix the report data. Piece of cake. Evening's worth of coding and slam it out in off-peak time. Hahahahaha!

    • Re: (Score:3, Informative)

      by rickb928 ( 945187 )

      Oh, and it wasn't as simple as padding with spaces. Space is hex 20. Zero is hex 30. They should have been been billed 30 quadrillion-something. More likely it was a bad conversion. Still reason to waterboard the testers.

      You should try converting packed binary to some flavor of EBCDIC, not knowing in advance which particular version EBCDIC they meant.

    • I work in this industry. The only novelty here is that the error got into production, and was not caught and corrected before it went that far.

      That explains why there are so many software testers currently looking for work. The CC industry doesn't use as many of them, anymore.

      Some submitters do, from time to time, change their code, and sometimes they get it wrong. For instance padding a field with spaces instead of zeros. Woopsie...!

      You're still using legacy zero padding? You should be doing things in XML.

      Seems that's what happened here. Sounds like a hex or dec field got padded with hex 20, and boom.

      Not quite. If it were padded with space characters, you get 0x20 in each byte (and that's just what this number had in the first 6 of 8 bytes). If it were padded with zero characters, you would get 34,723,282,962,276,803.04 or so.

      The REAL problem here is that the code was interpreting 64 bits as int

  • by T-Bucket ( 823202 ) on Wednesday July 15, 2009 @04:50PM (#28708829) Homepage

    Does he still get the airline miles for that one? I mean, even at 1 mile per dollar spent.... He can now book a first class ticket to mars...

  • by WTSane ( 1371365 ) on Wednesday July 15, 2009 @04:51PM (#28708843)
    I hope it was on one of the cards that gives him 1% cash back.
  • by Ainu ( 135288 ) on Wednesday July 15, 2009 @05:10PM (#28709165)

    Holly: Busy, Dave?
    Lister: Well, yeah. I am, actually.
    Holly: Oh, then you won't want to know about the two super-lightspeed
                    fighters that are tracking us.
    Lister: What?!
    Holly: I'll leave you to your bubble blowing, mate.
    Lister: No, Hol, come on, come on.
    Holly: They're from Earth.
    Lister: Three million years away?
    Holly: They're from the NorWEB federation.
    Lister: What's that?
    Holly: The North Western Electricity Board. They want you, Dave.
    Lister: Me? Why? What for?
    Holly: For your crimes against humanity.
    Lister: You what!
    Holly: It seems when you left Earth three million years ago, you
                    left two half-eaten German sausages on a plate in your
                    kitchen.
    Lister: Did I?
    Holly: You know what happens to sausages left unattended for
                    three million years?
    Lister: Yeah. They go all mouldy.
    Holly: Your sausages, Dave, now cover seven-eighths of the Earth's
                    surface. Also you left seventeen pounds, fifty pence in a
                    bank account. Thanks to compound interest you now own
                    ninety-eight percent of all the world's wealth, but since
                    you've hoarded it for three million years nobody's got any
                    money except for you and NorWEB.
    Lister: Why NorWEB?
    Holly: You left a light on in the bathroom. I've got a final demand
                    here for one hundred and eighty billion pounds.
    Lister: A hundred and eighty billion pounds! You're kidding!
    Holly: (wearing Groucho Marx disguise) April fool.
    Lister: But it's not April.
    Holly: Yeah, I know, but I could hardly wait six months with a red-hot
                    jape like that under my belt.

  • by saccade.com ( 771661 ) on Wednesday July 15, 2009 @05:28PM (#28709375) Homepage Journal
    What's really strange is they're using 64 bits to express a charge amount. How many people are charging manned missions to Mars or the military invasion of a superpower to their Visa? A 64 bit credit limit must be quite the status symbol.
  • by grepya ( 67436 ) on Wednesday July 15, 2009 @07:41PM (#28710855)

    Shouldn't have checked his email from Mexico.

  • by Neanderthal Ninny ( 1153369 ) on Wednesday July 15, 2009 @08:04PM (#28711017)

    Since our national debit has just hit 1 trillion dollars, we in the United States of American will be second to him in debit.
    I'm very surprised that credit card company, bank or anybody else didn't have any alarm bells (more air raid sirens in this case) when this went through. Also I thought there will be limit on anyone could charge, not only the credit card, bank or even this case, the nation could get.
    This shows there is something wrong with the financial system and that is the understatement of the century.

  • by Ihlosi ( 895663 ) on Thursday July 16, 2009 @02:00AM (#28713415)
    Yikes.

Don't get suckered in by the comments -- they can be terribly misleading. Debug only code. -- Dave Storer

Working...