 DC DSLThere's a reason I'm Command.Premium
join:2000-07-30
Washington, DC
kudos:2
 ·Covad Communicat..
·Verizon Online DSL
| Abso-frickin-lutely Unbelievable The same stupidity that can't be bothered implementing/enforcing strict data retention and security compliance policies on merchants also can't be bothered with ensuring there is a viable and thoroughly tested diaster prep/continuity plan in place.
I hope they get blown off the map for this. We can't afford having critical components of the financial system that are run by incompetents. Disaster planning is really not that hard...there are lots of us consultants who offer that expertise and guidance. No, it just takes committed funding and resources than most modern businesses refuse to accept the value-benefits of.
Tar and feather the moron who didn't make sure they had an alternate continuity site that could be hot in less than 90 mnutes.
--
There is no giant fur-bearing trout. |
|
|
|
| said by DC DSL:~snip~ ...it just takes committed funding and resources than most modern businesses refuse to accept the value-benefits of. DING DING DING DING DING...We have a WINNER!!! |
|
 SLDPremium
join:2002-04-17
San Francisco, CA | reply to DC DSL
said by DC DSL:I hope they get blown off the map for this. They are a great gateway, with a fantastic API and uptime. I'd like them to survive this and improve their redundancy. |
|
 kewlkeedGrouchPremium
join:2005-02-05
Knowlton, QC
kudos:1 | reply to DC DSL
said by DC DSL:Disaster planning is really not that hard...there are lots of us consultants who offer that expertise and guidance. No, it just takes committed funding and resources than most modern businesses refuse to accept the value-benefits of. Not a direct hit towards you, but a good majority of so called consultants aren't worth their weight. Granted a company like this has zero/zilch excuse for what has happened... Perhaps they hired one of these wannabe consultants.
But more than likely, the top levels pinched the mighty dollar and refused to spend boatloads on something that might never happen. "It's better to have it and not need it, than to need it and not have it."
So how's that workin' for ya Authorize.net?
--
Justin - DSLR resident grouch and Mr Negativity
TSI Fanboy - "Dontchya wish your 'net was hot like mine! Ohhh Dontchya!"
Have a nice day! |
|
jimkPremium
join:2006-04-15
Raleigh, NC Reviews:
 ·voip.ms
 ·RoadRunner Cable
4 edits | reply to DC DSL
said by DC DSL:No, it just takes committed funding and resources than most modern businesses refuse to accept the value-benefits of. I'm going to refrain from talking about this situation too much more until we know more about what happened, but you do have a good point. Most of the time, businesses are warned before things go wrong. Sometimes, they decide to take the risk. |
|
DC DSLThere's a reason I'm Command.Premium
join:2000-07-30
Washington, DC
kudos:2 Reviews:
·Covad Communicat..
·Verizon Online DSL
| said by jimk:I'm going to refrain from talking about this situation too much more until we know more about what happened, but you do have a good point. Most of the time, businesses are warned before things go wrong. Sometimes, they decide to take the risk.
Whatever the specifics about the situation, what is absolutely crystal clear is their procedures and BDC weren't capable of accommodating realtime failover or going hot fast enough to avoid a catastrophic outage. There should be full-scale tests of catastrophic scenarios at least once a year, and follow-up on and verification of any corrective measures recommendations no more than 60 days after a test. They should be testing less-criticial failure scenarios a few times a year. If anything, this makes sure that everyone knows what they're supposed to do, and correct any weaknesses.
Something like this can't be excused or explained away. They're probably going to get spanked pretty hard by the logos...the inability to complete transactions in a timely manner costs the logos and the issuing institutions real money, and bad PR points. They'll probably get wallopped with lawsuits from merchants as well.
--
There is no giant fur-bearing trout. |
|
DolganPremium
join:2005-10-01
Sun Prairie, WI Reviews:
·Charter
| Each business needs its own backup plan It is also unbelievable that businesses do not have their own backup plans. All walk-in businesses should have knucklebusters and carbon reciepts so they can run charges the old fashioned way, and call them in/input the info into the web later. Saved my butt at several restaurants when the phone lines went down, or the powere went out. Furthermore, if their phone lines are not down they can manually call in each credit card transaction...this is not rocket science, and the workarounds are there for each business to utilize if they so desire. The only exception may be web based merchants who would not have access to the 2 workarounds provided. It does suck that this happened, but there are temporary, albeit inconvenient, workarounds. |
|
DC DSLThere's a reason I'm Command.Premium
join:2000-07-30
Washington, DC
kudos:2 Reviews:
·Covad Communicat..
·Verizon Online DSL
| The logos don't want paper or manual call-in...their beancounters don't want the expense of supplies and staffing that requires. Statistically "significant" or widespread network outages are uncommon, so when contrasted to the cost of supporting manual auth, it's not justifiable in their eyes. Unfortunately, with all the consolidation in financial services over the last few years, while there are fewer points of failure there is far greater likelihood that any single failure could quickly cascade to a national or global scale...as this situation makes quite apparent.
If anything, people should be smart and heed those warnings to keep a stash of cash on hand for emergencies. It doesn't take a natural disaster or terrorist attack to muck things up...a fire or a backhoe could just as easily ruin a lot of people's days.
--
There is no giant fur-bearing trout. |
|
| reply to Dolgan
said by Dolgan:All walk-in businesses should have knucklebusters and carbon reciepts so they can run charges the old fashioned way, and call them in/input the info into the web later. ... Furthermore, if their phone lines are not down they can manually call in each credit card transaction...this is not rocket science, and the workarounds are there for each business to utilize if they so desire. The only exception may be web based merchants who would not have access to the 2 workarounds provided. Exactly.
said by DC DSL:The logos don't want paper or manual call-in Mastercard and Visa *require* merchants to have imprinters and card slips to use in case of an outage--be it small scale or large scale. Yes, it creates more work/costs, but they'd rather get that type of transaction than NO transaction. |
|
 Seph83Gone InsanePremium
join:2004-04-29
Blairsville, GA | My retail company uses First Data for it's authorizations, and when they go down or our Fractional T1 goes down, we ask for the person using the Credit/Debit Card's ID, and verify that it's their card, and then manually override and accept the transaction through the POS. Our servers store the transaction locally, until we are back online, and it sends it in for processing. This way, the customer gets their products, which keeps them happy, it's simple and easy, and if there is a problem with their card, then First Data or their Bank/Credit Company has to deal with it. It's win-win.
Besides, I'll be damned if I'd let someone "rack-slide" my credit or debit card. Yes, lets just give your full credit card info to some store peon so they can max it out for you... I think not...
--
"I've always been crazy, but it's kept me from going insane." ~ Waylon Jennings |
|
