
Software Glitch Leads To $23,148,855,308,184,500 Visa Charges

Posted by timothy
from the what's-the-grace-period-again dept.
Hmmm2000 writes "Recently several Visa card holders were, um, overcharged for certain purchases, to the tune of $23,148,855,308,184,500.00 on a single charge. The company says it was due to a programming error, and that the problem has been corrected. What is interesting is that the amount charged actually reveals the type of programming error that caused the problem. 23,148,855,308,184,500.00 * 100 (I'm guessing this is how the number is actually stored) is 2314885530818450000. Convert 2314885530818450000 to hexadecimal, and you end up with 20 20 20 20 20 20 12 50. Most C/C++ programmers see the error now ... hex 20 is a space. So spaces were stuffed into a field where binary zero should have been."

  • by idontgno (624372) on Wednesday July 15, 2009 @05:20PM (#28708469) Journal
    Yeah, but the data definition conundrum "space fill or zero fill" is pretty persuasive in this case. Or at least a damn interesting coincidence.
  • by Anonymous Coward on Wednesday July 15, 2009 @05:38PM (#28708683)

    No, it wasn't just the output. People were charged overlimit fees in addition to the erroneous amount.

  • by rickb928 (945187) on Wednesday July 15, 2009 @05:47PM (#28708809) Homepage Journal

    I work in this industry. The only novelty here is that the error got into production, and was not caught and corrected before it went that far.

    Submitters send files to processors which are supposed to be formatted according to specifications.

    Note I wrote 'supposed to be'.

    Some submitters do, from time to time, change their code, and sometimes they get it wrong. For instance padding a field with spaces instead of zeros. Woopsie...!

    Seems that's what happened here. Sounds like a hex or dec field got padded with hex 20, and boom.

    This is annoying, especially when the processor gets to help correct the overwhelming number of errors, and then tries to explain that it wasn't their fault. Plenty of blame to go around with this one.

    And then explains why they don't both validate/sanitize input, and test for at least some reasonable maximum value in the transaction amount. A max amount of $10,000,000 would have fixed this. That and an obvious lapse in testing. This is what keeps my bosses awake sometimes, fearing they will end up on the front page of the fishwrap looking stupid 'cause their overworked minions screwed something up, or didn't check, or didn't test very well. I love one of the guys we have testing. He's insufferable, and he catches genuine show-stoppers on a regular basis. They can't pay him what he's been worth, literally $millions, just in avoiding downtime and re-working code that went too far down the wrong path.

    Believe me, this is in some ways preferable to getting files with one byte wrong that doesn't show up for a month, or sending the wrong data format (hex instead of packed binary or EBCDIC, for instance) and crashing the process completely. Please, I know data should never IPL a system. Tell it to the architects, please. As if they don't know now, after the one crash...

    If you knew what I know, you'd chuckle and share this story with some of your buddies in development and certification.

    And pray a little.

    At least it didn't overbill the cardholders by $.08/transaction. That would suck. This is easy by comparison. Just fix the report data. Piece of cake. Evening's worth of coding and slam it out in off-peak time. Hahahahaha!
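
An added example (not part of the original thread and not any processor's code): the decoding described in the story summary combined with the maximum-amount check suggested in the comment above. It assumes an 8-byte big-endian binary amount field holding cents; the field layout, function names and status codes are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed ceiling: $10,000,000.00 in cents, the maximum suggested in the comment above. */
#define MAX_AMOUNT_CENTS UINT64_C(1000000000)

enum amount_status { AMOUNT_OK = 0, AMOUNT_OVER_LIMIT, AMOUNT_SPACE_FILL };

/* Interpret an 8-byte field as a big-endian unsigned integer (hypothetical layout). */
uint64_t read_amount_be(const unsigned char field[8])
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | field[i];
    return v;
}

/* Range-check first; a lone 0x20 byte is legal data (32 cents), so the fill
 * byte is only used to label a value that is already out of range. */
enum amount_status validate_amount(const unsigned char field[8], uint64_t *cents_out)
{
    uint64_t cents = read_amount_be(field);
    if (cents <= MAX_AMOUNT_CENTS) {
        *cents_out = cents;
        return AMOUNT_OK;
    }
    return field[0] == 0x20 ? AMOUNT_SPACE_FILL : AMOUNT_OVER_LIMIT;
}

int main(void)
{
    /* Constructed samples: the bytes quoted in the summary, then the same
     * low-order bytes with binary-zero fill. */
    const unsigned char bad[8]  = {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x12, 0x50};
    const unsigned char good[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x50};
    const unsigned char *samples[] = {bad, good};
    static const char *names[] = {"accepted", "rejected: over limit",
                                  "rejected: space fill suspected"};

    for (int i = 0; i < 2; i++) {
        uint64_t cents = 0;
        enum amount_status st = validate_amount(samples[i], &cents);
        printf("raw=%" PRIu64 " -> %s\n", read_amount_be(samples[i]), names[st]);
    }
    return 0;
}
```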

  • by jefu (53450) on Wednesday July 15, 2009 @06:15PM (#28709231) Homepage Journal

    Actually, I think it is more like 95% of the time. So it's not so bad after all.

  • by rickb928 (945187) on Wednesday July 15, 2009 @06:23PM (#28709321) Homepage Journal

    Oh, and it wasn't as simple as padding with spaces. Space is hex 20. Zero is hex 30. They should have been billed 30 quadrillion-something. More likely it was a bad conversion. Still reason to waterboard the testers.

    You should try converting packed binary to some flavor of EBCDIC, not knowing in advance which particular version EBCDIC they meant.

  • Re:meh (Score:3, Informative)

    by Dachannien (617929) on Wednesday July 15, 2009 @06:26PM (#28709355)

    On January 16, 2009, Zimbabwe announced plans for imminent issue of banknotes of $10 trillion, $20 trillion, $50 trillion, and $100 trillion

    Believe it or not, that was after Zimbabwe had lopped off a bunch of zeros from their currency the previous year.... twice. And then they did it a third time a month after they printed their first $100 trillion notes.

  • Re:The Sad Thing... (Score:1, Informative)

    by Anonymous Coward on Wednesday July 15, 2009 @06:54PM (#28709719)

    ... Is that these days, we EXPECT sloppy programming.

  • by Anonymous Coward on Wednesday July 15, 2009 @07:21PM (#28710025)

  • Re:meh (Score:4, Informative)

    by Mr2001 (90979) on Wednesday July 15, 2009 @10:30PM (#28711725) Homepage Journal

    So you're saying the people who didn't see the current crisis coming, assured us it was contained, and then told us we barely avoided catastrophe know what they're doing and are the perfect stewards for our monetary system?

    Not perfect stewards, no. But they're still better stewards than mining companies and gold-consuming industries. The alternative is for the value of our currency to be affected by what sort of rocks were uncovered recently or how many edge connectors and necklaces are being manufactured; do you really think that would be an improvement?

    The Federal Reserve was founded in 1913. The Great Depression started 16 years later.

    Surely you aren't trying to imply causality there, are you? Because recessions have gotten shorter and less frequent since 1900.

    The intrinsic value of gold is that it is rare enough to hold large quantities of wealth and cannot be manufactured arbitrarily. The second reason is why every fiat currency has historically failed

    Except the ones that haven't, you mean?

  • Re:meh (Score:2, Informative)

    by iowannaski (766150) on Wednesday July 15, 2009 @11:45PM (#28712229)

    Well said.

    If you think that the economy will fall back to gold after a collapse of the fiat currency, take a look at Zimbabwe: is gold the major currency of the informal economy there? No. They use American dollars and South African rand.

    And just to mix a little irony into the situation, many of those rand are earned by digging up gold and selling it for dollars.

  • by HawkinsD (267367) on Thursday July 16, 2009 @10:41AM (#28716657)

    I'm afraid you're wrong, sir or madam.

    I am one of the victims of this programming error, and I can tell you that several thousand VISA debit transactions were miscoded with the same amount: $23,148,855,308,184,500.00.

    I was not smart enough to look at my card number before I sent it off to Consumerist so that VISA could be made fun of. Happily, the string does not contain my (or apparently anybody's) credit (or debit) card number.