The Channel logo

News

By | John Leyden 26th October 2010 14:27

Sage Pay upgrade glitch forced poor password picks

Odd spacial character snafu causes confusion

Payment provider Sage Pay is investigating a weekend upgrade that resulted in a minority of users being obliged to adopt a less secure password that only contained alphanumeric digits.

The issue was brought to our attention by a number of Reg readers who told us the upgrade "knocked off users who use special characters in their passwords". In addition, one told us that surfers who used IE were advised to switch to Firefox to use MySagePay.

Sage Pay, which bills itself as the largest independent payment provider in the UK and Ireland, disputes this latter point while acknowledging that a small number of users were inadvertently inconvenienced by the upgrade. It has promised to mount an investigation.

Mat Peck, head of R&D at Sage Pay, explained: "Over the weekend, we upgraded our Sage Pay infrastructure, so that transaction processing is not only even more resilient, but also half a second faster per transaction.

"Following feedback from over 3,000 customers in the Spring, as well as focus groups, tech previews and a test site that has been live since the beginning of October, this upgrade has also added more functionality to My Sage Pay.

"We’ve also included a new API-based system to allow customers to reconcile transactions with their own back-office systems if they wish to do specialised reporting."

The upgrade process failed to slot into gear for an unspecified minority of Sage Pay users. "It’s been a huge project and we are really sorry that a small minority of our 32,000 customers have been affected by this weekend’s upgrade," said Peck.

"We don’t know why the customer you referenced was asked to change their login credentials to just letters and numbers, as we do allow some special characters in passwords and these have remained consistent since before the upgrade this weekend. We have started an investigation into why this happened."

Peck said that users were asked to upgrade IE 6 - to later versions of the browser or Firefox - and not advised to ditch Microsoft's market-dominant browser software.

"With regards to your point about users being asked to use Firefox instead of IE, that’s not quite true," Peck explained. "We have asked all users to upgrade from IE 6 for their own security. However, for those that cannot, we have advised they should use Firefox instead."

Our contact in the Sage Pay user community said he was already running IE 8, so either support staff are giving out incorrect information (always a possibility) or an awkward browser compatability problem not identified during the beta testing of the update has emerged.

Sage Pay developers are committed to "resolving any outstanding issues" and ensuring the successful upgrade, Peck added. ®

comment icon Read 12 comments on this article alert Send corrections

Opinion

Chris Mellor

Drives nails forged with Red Hat iron into VCE's coffin
Sleep Cycle iOS app screenshot

Trevor Pott

Forget big-spending globo biz: it's about the consumer... and he's desperate for a nap
Steve Bennet, ex-Symantec CEO

Chris Mellor

Enormo security firm needs to get serious about acquisitions

Features

Windows 8.1 Update  Storeapps Taskbar
Chinese Buffet self-service
Chopping down the phone tree to scrump low-hanging fruit
An original member of the System/360 family announced in 1964, the Model 50 was the most powerful unit in the medium price range.
Big Blue's big $5bn bet adjusted, modified, reduced, back for more
Microsoft CEO Satya Nadella
Redmond needs to discover the mathematics of trust