On Thursday, a number of our customers experienced an issue which meant they were charged for the same transactions twice. Our first priority has been to ensure that you, our valuable customers, do not suffer. So we’ve done our best to refund all duplicate charges.
Please bear in mind that payments can take up to 3 working days to reach your account. Do get in touch with our CX (Customer Experience) team if you haven’t received your refund after 3 days. No one should be out of pocket.
Of course, what has happened is not good enough. This is not the level of service we aspire to provide you. We are doing everything in our power to ensure it won’t happen again.
To explain things further, we’d like to run you through what exactly happened, what we did to fix it, and how we are making sure this isn’t an issue in the future.
What happened exactly and how did we respond?
At 08:30 (UK time), we identified a problem and started receiving reports to say that transactions were being duplicated. Our CX team immediately began manually fixing the duplicated transactions while our tech team started investigating the root cause of the problem. By 09:30, it was clear that our payments processor was sending every transaction to us twice. We immediately kicked off four streams of work:
- Ensuring that our CX Champions were aware of the issue, and knew how to reverse the double charge for customers who contacted Curve.
- Engaging with our payments processor in order for them to stop sending us these duplicate transactions.
- Updating our systems to protect ourselves from these duplicates.
- Preparing to automatically reverse all the duplicates that CX had not already fixed.
At 12:40, our processor identified the cause of the issue as a new software release they had made earlier that morning, and by 13:00 the duplicates had slowed to a trickle. But Curve still had a massive backlog of duplicated transactions to resolve.
During the afternoon, our CX team continued dealing with issues manually, and we started prioritising high value transactions to minimise customer impact. Our engineering teams started cross-checking the list they had compiled of duplicated transactions.
At 19:00, we started processing automated reversals and continued until all transactions were fixed – this happened about 01:00 on Friday morning.
Why did this happen?
Before explaining why it happened, we thought a bit of background about card payments might be useful.
When you make a payment with your Curve card, the merchant – that’s the business that you’ve made a purchase from – sends a message via the Mastercard network to Curve’s processing partner. The processor does some checks on the message, then passes it on to Curve. Curve acquires the funds on the customer’s selected funding card, and passes the result back to the merchant, who completes the transaction. All this happens within seconds. Some minutes or hours later, the transaction is finalised and the funds are moved from your bank, via Curve, to the merchant.
So what’s the role of the processor in this chain? The processor connects to the Mastercard network and handles messages on behalf of several fintechs and banks. They are there to look after some of the more complicated technical stuff on behalf of their clients. They are there to shield their clients from problems, but unfortunately on this occasion they instead caused a massive problem. The duplicate messages were created by their system, and they were sent to Curve, flagged as new transactions, so our systems dutifully processed them without detecting they were duplicates.
What have we done to fix it? And how will we stop it happening again?
So what is Curve doing to make things better? Our first priority has been to ensure that you, our important customers, do not suffer. We’ve done our best to reverse all of the duplicate transactions so no one is out of pocket.
We repeat: What happened is not good enough. To ensure that this will never happen again, we will implement duplicate transaction detection within our systems to protect us and yourselves in cases such as this. Our longer term strategy is to reduce our reliance on 3rd parties for any part of our payment processing.
Meanwhile, we are reviewing our relationship with our processing partner. Our ambition is to scale globally as we expand into the US and beyond, and we need reliable partners who can support this. We want to offer our customers a robust and reliable service. That process will be accelerated following this incident.