OpenPath incident

Issue with amount being passed to PaymentLync

Notice Resolved View vendor source →

OpenPath experienced a notice incident on February 7, 2025, lasting —. The incident has been resolved; the full update timeline is below.

Started
Feb 07, 2025, 04:26 PM UTC
Resolved
Feb 04, 2025, 11:30 AM UTC
Duration
Detected by Pingoru
Feb 07, 2025, 04:26 PM UTC

Update timeline

  1. resolved Feb 07, 2025, 04:26 PM UTC

    There are a high amount of declines for NSF on transactions flowing through PaymentLync.

  2. postmortem Feb 07, 2025, 04:27 PM UTC

    Technical Issue Report #27 Summary On February 4, 2025, at 3:45 AM, a technical issue occurred, lasting 4.5 hours, which resulted in misplaced decimals in transaction amounts and led to customer overcharges. All affected transactions have been reversed. The issue stemmed from a format change related to a new 3DS feature. It was detected at 7:45 AM through merchant decline alerts, and a hotfix was deployed by 8:25 AM. In total, nine customers experienced financial impact, while 178 were unable to transact. Post-Mortem 1. Incident Summary 1. Date & Time of Incident: Tuesday February 4th, 2025 at 3:45 AM 2. Duration: 4.5 Hours 3. Impact: Consumers using the OpenPath and PaymentLync were being charged too much due to decimal placement 4. Severity Level: **Critical** 5. Reported By: Jason Martin at OpenPath 2. Root Cause Analysis 1. What Happened? An OpenPath update was released which had several new updates, one of the updates for PaymentLync caused Consumers to be billed two decimal places over, so $25.00 would become $2,500.00. 2. Root Cause: To facilitate the new 3DS data only feature with PaymentLync, OpenPath changed the Format of the amount being sent from 2500.0 to 2500. This change was made because at the time of testing the 3DS endpoint was only accepting integers. 3. Detection & Response 1. How Was It Detected? We received automated alerts of Multiple declines from Merchants at 7:45 AM and began investigating, when he found the issue. 2. Initial Response Actions: At 8:10 AM we met with the development team and created a hotfix which was deployed and live at 8:25 AM. 3. Time to Detection: 4 Hours 4. Time to Resolution: 20 Minutes 4. Impact Assessment 1. Users Affected: 9 Customers financially impacted which needed to be made whole again. 178 Customers that were unable to transact but were not financially Impacted. 2. Systems Affected: OpenPath PaymentLync Transaction API 3. Business Impact: Revenue loss, Reputational Damage for OpenPath, PaymentLync and Merchants.