Technical Issue Report #27
Summary
On February 4, 2025, at 3:45 AM, a technical issue occurred, lasting 4.5 hours, which resulted in misplaced decimals in transaction amounts and led to customer overcharges. All affected transactions have been reversed. The issue stemmed from a format change related to a new 3DS feature. It was detected at 7:45 AM through merchant decline alerts, and a hotfix was deployed by 8:25 AM. In total, nine customers experienced financial impact, while 178 were unable to transact.
Post-Mortem
Incident Summary
- Date & Time of Incident: Tuesday February 4th, 2025 at 3:45 AM
- Duration: 4.5 Hours
- Impact: Consumers using the OpenPath and PaymentLync were being charged too much due to decimal placement
- Severity Level: Critical
- Reported By: Jason Martin at OpenPath
Root Cause Analysis
- What Happened? An OpenPath update was released which had several new updates, one of the updates for PaymentLync caused Consumers to be billed two decimal places over, so $25.00 would become $2,500.00.
- Root Cause: To facilitate the new 3DS data only feature with PaymentLync, OpenPath changed the Format of the amount being sent from 2500.0 to 2500. This change was made because at the time of testing the 3DS endpoint was only accepting integers.
Detection & Response
- How Was It Detected? We received automated alerts of Multiple declines from Merchants at 7:45 AM and began investigating, when he found the issue.
- Initial Response Actions: At 8:10 AM we met with the development team and created a hotfix which was deployed and live at 8:25 AM.
- Time to Detection: 4 Hours
- Time to Resolution: 20 Minutes
Impact Assessment
- Users Affected: 9 Customers financially impacted which needed to be made whole again. 178 Customers that were unable to transact but were not financially Impacted.
- Systems Affected: OpenPath PaymentLync Transaction API
- Business Impact: Revenue loss, Reputational Damage for OpenPath, PaymentLync and Merchants.