Feeds

PayPal meltdown wreaks havoc on some ecommerce websites

'Bring me the head of the IPN admins!'

Application security programs and practises

A glitch in PayPal's payment verification system is wreaking havoc on some ecommerce sites that depend on the service. For more than 48 hours, the bug in PayPal's instant payment notification has made it impossible for them to process orders, owners of these businesses complain.

Making matters worse, the glitch causes credit card holders who place orders to be billed even though they are unable to take delivery of the goods or services they've just purchased. PayPal customers began reporting the difficulty on Thursday morning and at time of publication - more than two days later - PayPal owner eBay was still struggling to fix the problem.

"We can't accept payments done with PayPal which is a really large share of our payments since most of our customers are from America and PayPal is almost a de facto standard or means for online payment there," Rikard Froberg, technical director of eClassical.com wrote in an email. "The customer knows nothing about this, orders and pays but never gets the goods he paid for, or gets them very late (for instant delivery, the patience is very short) so it looks like the store ripping the customer off."

Others are fuming, too. Denizens of this forum, among others, are calling for the head of PayPal admins, who are said to have caused the outage when updating the instant payment notification (IPN) system. They also complain that PayPal was slow to acknowledge the problem. The company didn't inform users of the glitch until Friday afternoon, more than 24 hours after complaints began rolling in.

PayPal spokeswoman Amanda Pires said Saturday that a "percentage of merchants a percentage of the time" don't receive an IPN. Company developers are scrambling to fix the problem. "We are looking at this as a high priority fix," she said. "We've been working around the clock. We're hoping to have a fix as soon as possible."

Asked to estimate that percentage of customers or the percentage of times they receive failures, Pires said it's "much less than the majority of the time."

For his part, Froberg says all IPNs to eClassical.com are broken. The Sweden-based website sells DRM-free classical music in real time, so the glitch means that it's customers have paid for files they are unable to download. Many eCommerce websites run on scripts that don't complete a transaction until an IPN is received from PayPal. eClassical.com also accepts credit card payments.

The meltdown comes as eBay is requiring some customers to use PayPal if they want to continue using the service. It also comes on the heels of Friday's discovery of serious scripting error on the PayPal site that could have enabled attackers to create convincing spoof pages that stole users' authentication credentials. It took PayPal several hours, but the company's security pros eventually squashed the security bug. ®

Mobile application security vulnerability report

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.