The GICC has learned through 3 separate unnamed sources that a prominent credit card billing and processing company has incurred Y2K errors that are causing multi-system data error ramifications.

Apparently, as many as 40,000 POS merchants may be affected, and as many as 150,000 credit card transactions may be involved.

The problem, in part, seems to be that accounts are being double-billed after the initial credit purchase, then billed once per day after that.

The ICC was expected to hold a press conference at 4 p.m. EST today to shed further detail on the event.

Verification pending.

-- Jennifer Bunker (jen@bunkergroup.com), January 06, 2000

Answers

Response to Credit Card Processing Company Could Be First Major Multi-system Y2K Failure

The computers of one of the largest point of sale credit card approval companies are posting transactions multiple times to credit card accounts. My information is that the President's Council and the Federal Reserve has decided not to make any public statement about this since it is a "private sector problem" although the banks wanted them to do so. Bottom line, watch your credit card bills and if you can do so to avoid using your credit card until this is fixed -- It shouldn't be long as I understand that the patch is available for download to the POS terminals and the media is already on to the story.

Leon A. Kappelman, Ph.D. Associate Professor, Business Computer Information Systems Associate Director, Center for Quality & Productivity College of Business Administration, Univ. of North Texas Co-chair, Society for Info. Management Y2K Working Group Steering Committee, YES Volunteer Corps (www.iy2kcc.org) Voice: 940-565-4698 Fax: 940-369-7623 Email: kapp@unt.edu Website: http://www.unt.edu/bcis/faculty/kappelma/

-- Jennifer Bunker (jen@bunkergroup.com), January 06, 2000.

Response to Credit Card Processing Company Could Be First Major Multi-system Y2K Failure

Hi....

I noticed before the end of the year that my Bank of America Visa was charging multiple charges on my account. I decided to call one day to check on pending charges, before my statement came in, and found that I had 7 charges for 305.00 within minutes of each other, and about 9 charges for 75.50.....I later found out that supposedly they had a bad "chip" somewhere and it was corrected....I suppose. Didn't really make sense to me but was to flustered to question it at the time. This was about a week before the Christmas so it probably doesn't apply to the above topic...but interesting none the less.

Kevin

-- Kevin Walker (magnison@aol.com), January 06, 2000.

Response to Credit Card Processing Company Could Be First Major Multi-system Y2K Failure

Jennifer,

Your second post in this thread mentions Leon Kappelman, but does not provide any indication as to why he is mentioned in this thread.

Jerry

-- Jerry B (skeptic76@erols.com), January 07, 2000.

Response to Credit Card Processing Company Could Be First Major Multi-system Y2K Failure

This was posted to the year2000-discuss list --

Date: Fri, 07 Jan 2000 10:27:39 -0500 From: "Wouk, Jordan S." Subject: re: Credit Card Bill: Alert To: 'Year 2000 - Post'

-----Original Message----- From: Hotka, Cathy [mailto:hotkac@NRF.com] Sent: Friday, January 07, 2000 9:38 AM To: Mueller, Jonathan Subject: RE: Watch your credit card bills

I'm going to send an alert out this morning. I don't have the full story, but my understanding is that the problem is with small retailers who are using an outdated version of ICVerify. Upgrades are available from the ICVerify site. Rumor is that customers will never see this as a problem because the banks would back out any duplicate charges...and transactions go through normally in the store.

> _____________________________ > Jonathan P. Mueller > TOYS 'R' US ?HC l i e n t S e r v i c e s :-) > * Call me - 201-599-6890 > * Email my office - >

-- Steve Davis (Columbia, MD) (Steve@davislogic.com), January 07, 2000.

Response to Credit Card Processing Company Could Be First Major Multi-system Y2K Failure

As the industry continues to grapple with this problem, we are getting more information. It is rumored that there will be a press event later today to share information. We'll keep you posted.

"Don't know how widespread this will be but today at 4:02 pm this came down on the 1st Union System:

###################################################################### Applies to All States ****All Personnel****

We have just been notified that there is an industry-related problem where some VISA/Mastercard Point of Sale (POS) and mail order/telephone order (MOTO) transactions are being debited from the customer's account EVERY DAY. {Their emphasis not mine}.

PIN base transactions (i.e. any transaction where a PIN is keyed) were NOT effected. {Again their emphasis not mine} EXAMPLE: A $10.00 POS transaction on 1/1/00 has also been put through to the customer's account on 1/2, 1/3, 1/4 and 1/5 so far (in addition to the original transaction). The problem is being corrected, however there is no ETA establshed at this time. ######################################################################

The e-mail goes on to instruct the bank staff NOT to credit any customer's account as Visa/Mastercard will correct it eventually. That is probably OK for true credit card accounts but I foresee a huge impact on all those VISA Checkcards connected directly to customer's checking accounts, especially those with low balances who could easily be overdrawn with one or two charges debited in error.

For once they did not append the "This is unrelated to Y2K" disclaimer that has been a regular addendum to error reports for the last 2 months.

We'll see. Meanwhile I wouldn't use plastic if at all avoidable, especially CheckCards."

Unknown poster.

-- Jennifer Bunker (jen@bunkergroup.com), January 07, 2000.

Response to Credit Card Processing Company Could Be First Major Multi-system Y2K Failure

Jerry, forgive me, my mistake. Leon sent the information contained in the second post of this thread via the Civic Prep COMM list, a group of Y2K grassroots individuals who meet twice monthly via conference call which is administered by John Koskinen's staff.

Subj: Y2K ALERT: Watch your credit card bills Date: Thu, 6 Jan 2000 6:54:24 PM Eastern Standard Time From: "Leon A. Kappelman"

Jen

-- Jennifer Bunker (Jen@bunkergroup.com), January 07, 2000.

Response to Credit Card Processing Company Could Be First Major Multi-system Y2K Failure

Jen,

Thanks for the quick response and clarification!

Jerry

-- Jerry B (skeptic76@erols.com), January 07, 2000.

Cyber Cash's Response:

CyberCash, Inc. Addie Bourne 703-715-7822

Ignition Strategic Communications Sydney Rubin 202-244-1200

Statement from CyberCash on Payment Software and Y2K

ALAMEDA, CALIF. (January 6, 2000) - CyberCash, Inc. today reminded merchants using payment software ICVERIFY, NetVERIFY, PCVERIFY and EZCharge that they must upgrade to Y2K compliant versions to avoid problems in processing transactions.

CyberCash noted that some merchants failed to upgrade their payment software, despite efforts by the company to inform them that a Y2K upgrade was required.

Beginning in December 1998, CyberCash posted information about the Year 2000 issue on its Web site (www.cybercash.com). CyberCash first notified users in February 1999 that upgrades would be required and urged software users to return to the Web site periodically as upgrades became available.

CyberCash also mailed postcards to registered customers and processors informing them of the need to upgrade to Y2K compliant software products. The upgrades were free and available through an 800-number or were downloadable from the Web (http://www.cybercash.com/cybercash/y2k/y2k_upgrades.html).

Unfortunately, some merchants did not download and install the free Y2K compliant upgrades and these merchants are now experiencing problems of duplicate transactions associated with the year 2000 rollover.

Merchants using Windows version 2.25 or higher or those using DOS or UNIX products 6.63 or higher are Y2K compliant and should not have any difficulties.

CyberCash once again reminds merchants to visit our Web site to download the Y2K software to avoid any transaction processing difficulties, or call 1-800-900-6133.

About CyberCash CyberCash is a world leader in e-commerce technologies and services, enabling commerce across the entire market spectrum from electronic retailing environments to the Internet. CyberCash provides a complete line of software products and services allowing merchants, billers, financial institutions and consumers to conduct secure transactions and other e-commerce functions using the broadest array of popular payment forms. Credit, debit, purchase cards, cash, checks, smart cards and alternative payment types (e.g., "frequent buyer" or loyalty programs) are all supported by CyberCash payment solutions. More information on CyberCash can be found at www.cybercash.com.

# # #

-- Jennifer Bunker (jen@bunkergroup.com), January 07, 2000.

Thank you to the Center for Y2K and Society for this lead: http://www.latimes.com/news/reports/millennium/y2k/20000106/t000001994 .html

Y2K Glitch Is Causing Multiple Charges for Some Cardholders

Banking: Maker of software system behind the error in credit and debit transactions blames merchants who didn't upgrade before 2000.

By EDMUND SANDERS, Times Staff Writer

A credit- and debit-card processing problem--stemming from a Y2K- related software glitch--is causing thousands of Visa and MasterCard customers around the world to be repeatedly charged for the same transaction.

The problem, which arose in transactions occurring after Jan. 1, has been traced to a software system used by more than 100,000 retailers and merchants globally.

It was unclear how many customers have been affected, but officials said they believed the foul-up was not widespread.

"We don't think this is huge but we don't have any numbers," said Sharon Gamsin, a MasterCard spokeswoman.

Nevertheless, the glitch is the most significant Y2K problem faced thus far by the U.S. financial services industry, which largely escaped major disruptions because of the date rollover. The industry spent nearly $10 billion to upgrade its systems.

Officials at Virginia-based CyberCash, which developed the ICVerify software that is causing the problem, said the snafu appears to be occurring only at point-of-service terminals owned by merchants and retailers who failed to upgrade software systems before the end of 1999.

"A fair number of merchants had the good sense to download the upgrade before Jan. 1, but a fair number did not," said Sydney Rubin, a spokeswoman for CyberCash.

She did not know how many merchants or customers have been affected.

One large card-processing customer reported that it has so far experienced problems with about 4,000 transactions out of nearly 100 million completed since Jan. 1, Rubin said.

Because the problem stems from the merchant software, and not the bank or credit card issuer, officials believe that American Express and Discover cardholders also may be vulnerable. Officials at the two credit card giants couldn't be reached for comment late Thursday.

CyberCash is urging merchants who still are using old software systems to contact the company or download the software fix.

Banks and credit card issuers began noticing the problem this week, when computer monitoring systems picked up on a sudden increase in duplicate postings of the same transaction.

Officials at San Francisco-based Wells Fargo Bank said they have detected problems with about 70 of the 1,300 merchants that use the CyberCash system. The bank does not know how many of its customers have been affected, but it estimated that less than 1% have been overcharged.

Customers who have been affected will not be responsible for the charges or for any fees associated with the mistake, spokeswoman Kathleen Shilkret said.

-- Jennifer Bunker (jen@bunkergroup.com), January 07, 2000.