Sage Pay upgrade glitch forced poor password picks

Payment provider Sage Pay is investigating a weekend upgrade that resulted in a minority of users being obliged to adopt a less secure password that only contained alphanumeric digits.

The issue was brought to our attention by a number of Reg readers who told us the upgrade "knocked off users who use special characters in their passwords". In addition, one told us that surfers who used IE were advised to switch to Firefox to use MySagePay.

Sage Pay, which bills itself as the largest independent payment provider in the UK and Ireland, disputes this latter point while acknowledging that a small number of users were inadvertently inconvenienced by the upgrade. It has promised to mount an investigation.

Mat Peck, head of R&D at Sage Pay, explained: "Over the weekend, we upgraded our Sage Pay infrastructure, so that transaction processing is not only even more resilient, but also half a second faster per transaction.

"Following feedback from over 3,000 customers in the Spring, as well as focus groups, tech previews and a test site that has been live since the beginning of October, this upgrade has also added more functionality to My Sage Pay.

"We’ve also included a new API-based system to allow customers to reconcile transactions with their own back-office systems if they wish to do specialised reporting."

The upgrade process failed to slot into gear for an unspecified minority of Sage Pay users. "It’s been a huge project and we are really sorry that a small minority of our 32,000 customers have been affected by this weekend’s upgrade," said Peck.

"We don’t know why the customer you referenced was asked to change their login credentials to just letters and numbers, as we do allow some special characters in passwords and these have remained consistent since before the upgrade this weekend. We have started an investigation into why this happened."

Peck said that users were asked to upgrade IE 6 - to later versions of the browser or Firefox - and not advised to ditch Microsoft's market-dominant browser software.

"With regards to your point about users being asked to use Firefox instead of IE, that’s not quite true," Peck explained. "We have asked all users to upgrade from IE 6 for their own security. However, for those that cannot, we have advised they should use Firefox instead."

Our contact in the Sage Pay user community said he was already running IE 8, so either support staff are giving out incorrect information (always a possibility) or an awkward browser compatability problem not identified during the beta testing of the update has emerged.

Sage Pay developers are committed to "resolving any outstanding issues" and ensuring the successful upgrade, Peck added. ®