Visa Accidentally Charges People $23 Quadrillion
from the yes,-that's-a-real-number dept
I saw a couple of days ago on Consumerist that a teen had apparently discovered a debit of $23,148,855,308,184,500.00 on her debit card for a purchase at the local drug store. That's $23 quadrillion -- or 2,000 times the national debt. CNN is now reporting that a bunch of folks were hit with this charge (the identical number). Most are also dealing with insufficient funds charges. Visa, not surprisingly, is apologetic, promising to sort things out and agreeing to get rid of any excess charges due to this. However, it does make you wonder... shouldn't Visa's debit cards have some sort of "reality check" included?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: charges, debit card
Companies: visa
Reader Comments
Subscribe: RSS
View by: Time | Thread
The plan
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Easy Fix
[ link to this | view in chronology ]
Re: Easy Fix
[ link to this | view in chronology ]
Re: Re: Easy Fix
[ link to this | view in chronology ]
Re: Re: Re: Easy Fix
[ link to this | view in chronology ]
Re: Re: Re: Re: Easy Fix
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Easy Fix
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Easy Fix
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
On the flip side...
[ link to this | view in chronology ]
Re: On the flip side...
[ link to this | view in chronology ]
Re: Re: On the flip side...
[ link to this | view in chronology ]
Re: On the flip side...
[ link to this | view in chronology ]
Sad
[ link to this | view in chronology ]
Re: Sad
[ link to this | view in chronology ]
LOLZ
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Imagine the interest charges for one month @ 12%
[ link to this | view in chronology ]
Obviously a data conversion error...
(Yes, I know I didn't convert the $5 to hex, it's just an example...)
[ link to this | view in chronology ]
Re: Obviously a data conversion error...
[ link to this | view in chronology ]
Re: Re: Obviously a data conversion error...
A comment there brings up an excellent point. All of the charges we're seeing are the *same* value, 0x2020202020201250. After you remove the padding spaces that were put there you're left with 0x1250, which is 4688 in decimal. Since these amounts are always sent in cents, that corresponds to a $46.88 charge. There's no way that all of the customers I've seen (and the 13k supposedly affected, if we assume that they all have the same amount as well) purchased the exact same value of items. One guy bought a pack of cigs and incurred the charge, which is simply impossible to reach $46.88 with.
This is pretty clearly not *just* a padding issue. There's a genuine bug behind this, or perhaps a hack attempt. This does sort of smell like a buffer overflow exploit...
[ link to this | view in chronology ]
Re: Obviously a data conversion error...
[ link to this | view in chronology ]
Re: Re: Obviously a data conversion error...
But..but..but.. better people cost more!
[ link to this | view in chronology ]
http://it.slashdot.org/article.pl?sid=09/07/15/2050215
[ link to this | view in chronology ]
(*Dr. Evil voice*) $23 Quadrillion Dollars
[ link to this | view in chronology ]
Now they can fund national health
[ link to this | view in chronology ]
Not Visa's fault!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I asked the same question...
A few weeks after that incident, I used a credit card (not debit) to buy gas about 50 miles from my house. I immediately received a call from the credit card company alerting me to unusual behavior.
After that, I asked the same question: Why don't debit cards have the same 'check' protection that credit cards have?
[ link to this | view in chronology ]
Remeber Y2K anyone?
Basically the same situation here if you impose a modern day limit on a system that could end up being used well into the future.
[ link to this | view in chronology ]
Re: Remember Y2K anyone?
> a modern day limit on a system that could end
> up being used well into the future.
You don't have to limit the amount of characters allowed in the field, just put in a simple line of code that blocks any transaction over a certain amount. If that needs to be changed in the future, it would be a simple thing to go back in and eliminate that line of code and free up the block.
[ link to this | view in chronology ]
where I thought this story was going
"So the Visa representative asked the customer to simply pay the $23 quadrillion and it would be credited back to her account next month."
[ link to this | view in chronology ]
Re: where I thought this story was going
[ link to this | view in chronology ]
This is clearly a violation of the Patriot Act and Bank Secrecy Act...
[ link to this | view in chronology ]
Are we following the money? Where's the rest of the story?
The term 'Gaming the system' comes to mind, and I have a feeling that 'someone' 'somewhere' knew exactly what they were doing when they caused this to happen. And yes, my tinfoil hat may be a little tight today (with the recession and all).
[ link to this | view in chronology ]
Reactionary much?
The error is obvious from the amount charged - the processor padded the amount with spaces instead of zeros, which when converted from hex resulted in an extraordinarily large number. As exciting as it may be to bluster about how many Libraries of Congresses or World GDPs the amount was, it's a simple data error. No one embezzled trillions of dollars of interest, no one was ever at risk of losing their home, and no we don't need a law requiring all credit card processing code to be kludged up with arbitrary limits that "we can just change later!"
[ link to this | view in chronology ]
Re: Reactionary much?
Hmm, I wonder if *I* could get away with that. Cash a check for, say, $10000 on an account with only twenty bucks in it and when it bounced say "That '10000' was in binary!", i.e. really only $16? No, I suspect my butt would wind up in jail.
[ link to this | view in chronology ]
Re: Reactionary much?
> credit card processing code to be kludged up with arbitrary
> limits that "we can just change later!"
We don't need a law-- and no ever suggested we need one. But it would seem prudent, especially when people suffer time and expense dealing with the fees and charges that typically come with these "simple data errors".
If the companies' reps weren't so mindless and robotic and had the ability to use common sense in situations like this, rather than giving customers the run-around over something so obviously erroneous, then technical remedies wouldn't be necessary.
As that is not the case, they are.
[ link to this | view in chronology ]
Re: Re: Reactionary much?
That'd be the issue. Visa should have had technological safeguards against charges this high in the first place, and then reps should have been sufficiently trained that they can decide by themselves that a multi-quadrillion dollar charge is obviously wrong.
[ link to this | view in chronology ]
Their system was so well done that we couldn't unentangle my account from his after the merge, and after countless contacts with customer service which included several expensive long distance conference calls, I had to abandon 24 years of perfect credit history on that card and apply for a new one. So now I have a canceled card on my record, a lower charge limit, and a new card, all lowering my credit rating.
Good thing I could trust my spouse. How horrible would it have been for all that data to be made available to someone who might have been an unscrupulous enemy?
[ link to this | view in chronology ]
Apologies?
Seriously, though, why isn't there more of an apology from the banks? Did someone get fired? Did the entire accounting department get fired? Did the bank give anything back to the people who were charged this amount, like maybe free premium-level services for a few years?
[ link to this | view in chronology ]