Double and Triple and so on.... entriesgreenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread |
I'm reading/hearing/seeing alot on double and triple and so on.. entries relating to bills ie. credit cards, utilities, debit cards etc. I would suspect from a systems point of view that this is a result of data restoration after data restoration from failed testing/production runs of old legacy systems. Probably trying to survive y2k problems.Anyone else see/hear/read the same??? justthink com
-- justthinkin com (justthink@y2k.com), January 10, 2000
Concerning ICVerify, that was not the problem; the wretched little program actually uses a *single-digit year* as part of a file name, and when that single-digit year = 0, it causes a duplicate filename to be created and thus sent to the processor every time the merchant batches out. Don't know about the other problems, but it's a good thought. okerry
-- okerry (okerry@mailcity.com), January 10, 2000.
I'm not a programmer, but I'm married to one who is regularly on call for the batch systems that run over night. She works in the financial sector. One thing that I have learned over the years of being with her (and answering the telephone at 3:00 a.m. when one of the jobs bombs) is that when one of jobs bombs (for whatever reason, not just y2k) the programmers and the operators need to be EXTREMELY careful of the point where they restart the processing. If they restart in the wrong place they can easily double up on processes like billing.I guess the problem with this kind of analysis (as posted in the original question) is that no one was interested in tracking these sorts of problems before y2k, so we have no idea what the "normal" rate of these types of incidents is. I'm sure that the "normal" rate was not zero.
-- dersg (1@2.3), January 10, 2000.
CyberCash is one of the players in this double/triple billing fiasco ... but this isn't their ONLY problem.Check this out:
SAN FRANCISCO -- A mysterious computer intruder has tried to extort $100,000 from an Internet music retailer after claiming to have copied its collection of more than 300,000 customer credit-card files, which could be used by others to charge purchases online or by telephone ....
On Friday Mr. Levy's company began alerting journalists to the existence of a World Wide Web site that the blackmailer had been using for two weeks to distribute perhaps 25,000 [of 300,000] of the stolen card numbers to thousands of other people ...
Before the Maxus site was shut down, a traffic counter on the site indicated that several thousand visitors had downloaded more than 25,000 credit-card numbers from the system since Dec. 25.
In one of his e-mail messages Sunday, Maxim said that he had been involved in the illegal use of credit cards since 1997. Originally, he wrote, he had tried to create a legal online company that would take payments with a credit-card processing system.
But then, he said, he found he could subvert ICVerify, a credit-card verification software program. The program is sold by Cybercash Inc., an electronic-commerce security company based in Reston, Va., whose software is widely used by e-commerce merchants.
``In 1998,'' he wrote, ``I hacked into a chain of shops and got ICVerify (Cybercash) program with necessary configuration files for transferring money.''
He said that with the ICVerify program he had been able to make a charge on a credit card and then give a chargeback refund to a second credit card, a system that he said gave him an ``almost anonymous'' offshore credit-card account. He also claimed that he had been able to obtain cash from an automatic teller machine using this account, after performing ``tricks'' with ICVerify.
CD Universe employs ICVerify on its site, but Greenspan said that the company was not ready to conclude that the blackmailer had manipulated the software to obtain the customer information.
Cybercash said Sunday that it was investigating the claims. Its chairman, Daniel Lynch, said that about a year ago the company had found a security flaw in ICVerify, but had created a software ``patch'' for it and notified its clients. He said he did not know if all clients had installed the patch, though ...
http://www.mercurycenter.com/svtech/news/breaking/merc/docs/extort0110 00.htm
-- Cheryl (Transplant@Oregon.com), January 10, 2000.
Lots of things can cause double-posting - multiple transmissions of the same input file, improperly restarting the job so that multiple inputs of the same records are created, loops within the program, improperly sorted input records (some programs depend on files being sorted in a certain way so that a change in date means "stop processing and continue" (cuz you've hit the "end of day") - this can be a problem if all the newest transactions sort "low" because of 00 in the year. You can end up reposting the previous days transactions.). It would be interesting to know which year the double/triple posting transactions came from.BTW, I've got 12 years in IT, 9 in financial services, 5 as a programmer, 4 as an operating systems geek.
-- 12Years IntheIndustry (geek@work.com), January 10, 2000.