Feeds

Reg readers crack case of the $23 quadrillion overcharge

<empty field> + binhex = Visa FAIL

Remote control for virtualized desktops

It seems an empty amount field is the culprit in the programming glitch that caused some 13,000 holders of prepaid Visa cards to receive warnings that their accounts were overdrawn by more than $23 quadrillion.

At least, that's the theory advanced by several Register readers, who posit an 8-byte blank field was converted to binary format, giving it a value of 0x2020202020202020. Converted to an integer decimal, that translates to 2,314,885,530,818,453,536, an amount that's not far off from the number of cents these customers were charged for a wide variety of purchases.

To recap from Wednesday, Visa sent about 13,000 customers statements claiming their accounts were overdrawn because of a charge for exactly $23,148,855,308,184,500.00. The company quickly identified the problem, which it blamed on a "temporary programming error," and corrected the charges.

Of course, Visa didn't detail the programming error, and that made some of you curious. In a comment titled "Visa deserves glitchslapping?," an anonymous coward pointed out that the incorrect charges, which applied to purchases for cigarettes, gasoline, and sundry other items and services, came to exactly 2,314,885,530,818,450,000 cents, which when converted to binhex comes to 2020202020201250.

"It looks to me like somebody blank-filled a field, plopped the actual charged amount into the end (hex 1250, decimal 4688, likely amount $46.88), and then interpreted the entire field as a hex number," AC wrote. "If so, this is the kind of bug that would have been caught in even the most cursory testing, in which case the 'technical glitch' Visa talks about was not really in the software--bugs happen--but in their own shoddy procedures that allowed untested software to go live."

This still doesn't explain how 13,000 people could all be charged precisely the same amount for purchases whose real-world value were vastly different. Reg reader Stuart McConnachie, who also forwarded the binhex theory, guesses the identical overcharge is the result of a rounding error. When converting to a real number, only the first 15 digits were included, he said. The remainder were converted to zero.

While several of you were astonished that such an elementary mistake could have made it into Visa's live production, at least one reader was impressed that the company's computing system was robust enough to handle the error without crashing.

"I'm impressed at their systems' coders who wrote a system capable of coping with figures like that, and not falling over!" NogginTheNog wrote. "I mean I've heard of inflation-proofing, but really..." ®

Intelligent flash storage arrays

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
HTML5 vs native: Harry Coder and the mudblood mobile app princes
Developers just want their ideas to generate money
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.