The Channel logo


By | John Leyden 26th October 2010 14:27

Sage Pay upgrade glitch forced poor password picks

Odd spacial character snafu causes confusion

Payment provider Sage Pay is investigating a weekend upgrade that resulted in a minority of users being obliged to adopt a less secure password that only contained alphanumeric digits.

The issue was brought to our attention by a number of Reg readers who told us the upgrade "knocked off users who use special characters in their passwords". In addition, one told us that surfers who used IE were advised to switch to Firefox to use MySagePay.

Sage Pay, which bills itself as the largest independent payment provider in the UK and Ireland, disputes this latter point while acknowledging that a small number of users were inadvertently inconvenienced by the upgrade. It has promised to mount an investigation.

Mat Peck, head of R&D at Sage Pay, explained: "Over the weekend, we upgraded our Sage Pay infrastructure, so that transaction processing is not only even more resilient, but also half a second faster per transaction.

"Following feedback from over 3,000 customers in the Spring, as well as focus groups, tech previews and a test site that has been live since the beginning of October, this upgrade has also added more functionality to My Sage Pay.

"We’ve also included a new API-based system to allow customers to reconcile transactions with their own back-office systems if they wish to do specialised reporting."

The upgrade process failed to slot into gear for an unspecified minority of Sage Pay users. "It’s been a huge project and we are really sorry that a small minority of our 32,000 customers have been affected by this weekend’s upgrade," said Peck.

"We don’t know why the customer you referenced was asked to change their login credentials to just letters and numbers, as we do allow some special characters in passwords and these have remained consistent since before the upgrade this weekend. We have started an investigation into why this happened."

Peck said that users were asked to upgrade IE 6 - to later versions of the browser or Firefox - and not advised to ditch Microsoft's market-dominant browser software.

"With regards to your point about users being asked to use Firefox instead of IE, that’s not quite true," Peck explained. "We have asked all users to upgrade from IE 6 for their own security. However, for those that cannot, we have advised they should use Firefox instead."

Our contact in the Sage Pay user community said he was already running IE 8, so either support staff are giving out incorrect information (always a possibility) or an awkward browser compatability problem not identified during the beta testing of the update has emerged.

Sage Pay developers are committed to "resolving any outstanding issues" and ensuring the successful upgrade, Peck added. ®

comment icon Read 12 comments on this article alert Send corrections


Alexandre Mesguich

Change is order of day as tech giants shift strategy gears

Frank Jennings

Confused? No problem, we have 5, no 6, no 7... lots of standards

Chris Mellor

VC sequence could end not with a bang, but a whimper
Sad man stares glumly over boxed contents of desk. Image via shutterstock (Baranq)


money trap conceptual illustration
Big boys snare the unwary with too-good-to-be-true deals
Angus Highland cow
Pet carriers not wanted for whitebox stampede
Sorry OpenStack and Open Compute, we're not all Facebook
Gary Kovacs, CEO of AVG. Pic: World Economic Forum
Scammy download sites? Government snooping? Run of the mill for Gary Kovacs