The Channel logo

News

By | John Leyden 26th October 2010 14:27

Sage Pay upgrade glitch forced poor password picks

Odd spacial character snafu causes confusion

Payment provider Sage Pay is investigating a weekend upgrade that resulted in a minority of users being obliged to adopt a less secure password that only contained alphanumeric digits.

The issue was brought to our attention by a number of Reg readers who told us the upgrade "knocked off users who use special characters in their passwords". In addition, one told us that surfers who used IE were advised to switch to Firefox to use MySagePay.

Sage Pay, which bills itself as the largest independent payment provider in the UK and Ireland, disputes this latter point while acknowledging that a small number of users were inadvertently inconvenienced by the upgrade. It has promised to mount an investigation.

Mat Peck, head of R&D at Sage Pay, explained: "Over the weekend, we upgraded our Sage Pay infrastructure, so that transaction processing is not only even more resilient, but also half a second faster per transaction.

"Following feedback from over 3,000 customers in the Spring, as well as focus groups, tech previews and a test site that has been live since the beginning of October, this upgrade has also added more functionality to My Sage Pay.

"We’ve also included a new API-based system to allow customers to reconcile transactions with their own back-office systems if they wish to do specialised reporting."

The upgrade process failed to slot into gear for an unspecified minority of Sage Pay users. "It’s been a huge project and we are really sorry that a small minority of our 32,000 customers have been affected by this weekend’s upgrade," said Peck.

"We don’t know why the customer you referenced was asked to change their login credentials to just letters and numbers, as we do allow some special characters in passwords and these have remained consistent since before the upgrade this weekend. We have started an investigation into why this happened."

Peck said that users were asked to upgrade IE 6 - to later versions of the browser or Firefox - and not advised to ditch Microsoft's market-dominant browser software.

"With regards to your point about users being asked to use Firefox instead of IE, that’s not quite true," Peck explained. "We have asked all users to upgrade from IE 6 for their own security. However, for those that cannot, we have advised they should use Firefox instead."

Our contact in the Sage Pay user community said he was already running IE 8, so either support staff are giving out incorrect information (always a possibility) or an awkward browser compatability problem not identified during the beta testing of the update has emerged.

Sage Pay developers are committed to "resolving any outstanding issues" and ensuring the successful upgrade, Peck added. ®

comment icon Read 12 comments on this article alert Send corrections

Opinion

Privacy image

Frank Jennings

Two working parties, ministers galore... but data transfer law remains in limbo
EMC_Unity_bezel

Chris Evans

It does simplify the hardware setup, whatever it is
A microscopic view of the biometric shark skin. Pic: James Weaver

Chris Mellor

Do something and stop faffing about in the bush league

Kat Hall

International system in general needs greater transparency

Features

Nerd fail photo via Shutterstock
Shouting match
Single market vs. rest of the world
hacker
Mostly it's financial crime. Here's what all the cool kids' terms mean in English
Apple logo. Pic: Blake Patterson
Plenty of bumps in the 40-year road for Mac makers