Feeds

Reg readers crack case of the $23 quadrillion overcharge

<empty field> + binhex = Visa FAIL

Intelligent flash storage arrays

It seems an empty amount field is the culprit in the programming glitch that caused some 13,000 holders of prepaid Visa cards to receive warnings that their accounts were overdrawn by more than $23 quadrillion.

At least, that's the theory advanced by several Register readers, who posit an 8-byte blank field was converted to binary format, giving it a value of 0x2020202020202020. Converted to an integer decimal, that translates to 2,314,885,530,818,453,536, an amount that's not far off from the number of cents these customers were charged for a wide variety of purchases.

To recap from Wednesday, Visa sent about 13,000 customers statements claiming their accounts were overdrawn because of a charge for exactly $23,148,855,308,184,500.00. The company quickly identified the problem, which it blamed on a "temporary programming error," and corrected the charges.

Of course, Visa didn't detail the programming error, and that made some of you curious. In a comment titled "Visa deserves glitchslapping?," an anonymous coward pointed out that the incorrect charges, which applied to purchases for cigarettes, gasoline, and sundry other items and services, came to exactly 2,314,885,530,818,450,000 cents, which when converted to binhex comes to 2020202020201250.

"It looks to me like somebody blank-filled a field, plopped the actual charged amount into the end (hex 1250, decimal 4688, likely amount $46.88), and then interpreted the entire field as a hex number," AC wrote. "If so, this is the kind of bug that would have been caught in even the most cursory testing, in which case the 'technical glitch' Visa talks about was not really in the software--bugs happen--but in their own shoddy procedures that allowed untested software to go live."

This still doesn't explain how 13,000 people could all be charged precisely the same amount for purchases whose real-world value were vastly different. Reg reader Stuart McConnachie, who also forwarded the binhex theory, guesses the identical overcharge is the result of a rounding error. When converting to a real number, only the first 15 digits were included, he said. The remainder were converted to zero.

While several of you were astonished that such an elementary mistake could have made it into Visa's live production, at least one reader was impressed that the company's computing system was robust enough to handle the error without crashing.

"I'm impressed at their systems' coders who wrote a system capable of coping with figures like that, and not falling over!" NogginTheNog wrote. "I mean I've heard of inflation-proofing, but really..." ®

Intelligent flash storage arrays

More from The Register

next story
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.