Issue with Payments

This morning we were contacted by one of our end customers who had seen multiple attempts by us to claim payments.

The had already contacted their bank, and their bank blocked the card.

So how did we handle it?

After immediately suspended the payment processing engine we investigated the affected payment system (in this case it was our provider that handles the Credit/Debit cards)

Our developers have identified the cause as to be how our system processed certain responses from Stripe.  The response we failed to handle correctly was where Stripe blocked a payment due to additional anti-fraud rules that we have asked to be carried out – in this case, the Post Code provided by the user didn’t match that which the bank held on file.

We treated it as though it was a temporary failure – something we should have re-tried and, therefore, after a few seconds we did.

None of the payments had been successful – but the way it works is to create a pre-authorisation to validate the payment and address details.

As the validation had failed the payment was not processed, and the pre-authorisation would have expired.

What have we done?

Obviously, this is not acceptable to our customers, so we have implemented another step in the payment handler, and until validation of the process is complete, manual submission of the retries is in place.

The changes have completed testing and are already in place.

We have reviewed all of our users that could have been affected, and there was one other instance that we failed to handle the response correctly but this was due to an expired card and therefore would not have reached the customer’s bank account.

Header Image – Designed by Freepik

 

 

Why are you being asked to enter your payment details again?

When we were setting up our company, we had a problem with opening our bank accounts. To cut a long story short, the bank forgot to get us to sign a form and then didn’t tell us about it until we tried to use the account.

This issue meant that when we collected the first batch of Direct Debit payments, we had to use the “wrong” account. Anyone who signed up after the accounts were sorted out was linked to the right account.

The “proper” account is ring-fenced and only holds the money that we have collected on behalf of our customers.  The “wrong” account is our business account – where the money that we use to run the company is kept.  To ensure that we have protected our customer’s money we have been transferring the money across.

We had hoped that we could move the affected users across on to the “proper” account without anyone having to do anything, but it hasn’t happened that way.

It should only take you few minutes to re-enter the details again – we are unable to do it as we don’t hold the information (another design choice we made to protect you better).

 

New Maintenance Window

Although we endeavour to always keep our systems available, one of our suppliers has let us know that they will be carrying out some maintenance work which may impact you being able to use our platform.

They have advertised the following window:

Start: 2017-03-07 22:00
End: 2017-03-08 06:00

During this time you may be unable to reach the website to carry out check-in operations.  We are looking at ways this can be mitigated in our next release.