I just got this in the mail:

January 7, 2000

Contact: Stephen M. Apatow President, Humanitarian Resource Institute Eastern USA: (203) 668-0282 Western USA: (775) 884-4680 Internet: http://www.humanitarian.net Email: sma@humanitarian.net

CONCERNS BEGIN OVER CORPORATE AND GOVERNMENTAL DECISIONS TO LIMIT INFORMATION FLOW REGARDING Y2K TECHNOLOGY PROBLEMS & FAILURES

With the fear of creating a feeling of uneasiness among clients, investors and citizens, many U.S. and international corporations as well as government agencies are making unusual efforts to keep any internal news from leaking regarding the public relations nightmare of Y2K compliance. In the light of this reality, concerns arise as to the communication of information that is crucial to the planning of initiatives that relate to public safety or humanitarian concerns.

A recent report from the Center for Y2K & Society, Impact Monitoring Web Site (http://www.y2kcenter.org/resources/glitches/index.html) read:

Credit Card Processing Company Could Be First Major Multi-system Y2K Failure:

"The GICC has learned through 3 separate unnamed sources that a prominent credit card billing and processing company has incurred Y2K errors that are causing multi-system data error ramifications. Apparently, as many as 40,000 POS merchants may be affected, and as many as 150,000 credit card transactions may be involved. The problem, in part, seems to be that accounts are being double-billed after the initial credit purchase, then billed once per day after that." -- Jennifer Bunker, Governors Coalition for Y2K Preparedness, Salt Lake City, Utah -- Grassroots Information Coordination Center

The following response was submitted by Leon A. Kappelman, Ph.D. Co-chair, Society for Info. Management Y2K Working Group Steering Committee, YES Volunteer Corps:

"The computers of one of the largest point of sale credit card approval companies are posting transactions multiple times to credit card accounts. My information is that the President's Council and the Federal Reserve has decided not to make any public statement about this since it is a "private sector problem" although the banks wanted them to do so. Bottom line, watch your credit card bills and if you can do so to avoid using your credit card until this is fixed -- It shouldn't be long as I understand that the patch is available for download to the POS terminals and the media is already on to the story."

INTERNATIONAL APPEAL FOR MEDIA REPORTS

In an effort to enhance the flow of legitimate Y2K problem reports which are crucial to facilitating an appropriate humanitarian response by the international community, Humanitarian Resource Institute is requesting increased reporting and submissions of articles/links to y2kreports@humanitarian.net

Reports will be accessible on the Year 2000 Technology Challenges Report Web Site:
http://www.humanitarian.net/challenges.html

-- Steve Davis (Columbia, MD) (Steve@davislogic.com), January 07, 2000

Answers

This report just in from the ICC - they indicated that they did not kow about this until the 6th although the problem had been occuring since the 1st:

Bank credit card companies reported to financial regulators on Thursday, January 6, that they have identified and are taking steps to correct a potential Y2K-glitch involving some credit card transactions. According to the industry, merchants that did not make use of free upgrades provided during 1999 for a software package manufactured by CyberCash, Inc. could experience a "back-office" glitch that produces duplicate postings of charges made after January 1. The problem affects primarily smaller retailers; most major retailers use their own software. Credit card companies normally monitor postings for evidence of double charges and reconcile them with affected merchants before items are posted on cardholder accounts. According to the industry, credit card companies typically see 2,000 to 3,000 duplicates out of 100 million transactions a day.

-- Steve Davis (Columbia, MD) (Steve@davislogic.com), January 07, 2000.

Here is the offical version from VisaNet:

MasterCard has received reports that issues with some merchant terminal software are resulting in multiple postings of transactions to cardholder accounts since January 1, 2000. The software is provided by ICVerify, which is owned by CyberCash.

This error causes transactions to be posted repeatedly each day, and began January 1, 2000. Thus, a transaction that first appeared on January 1, has been repeated January 2, 3, 4, 5 and so forth. We believe this impacts various payment brand transactions as well as both credit and off-line debit transactions. MasterCard is notifying issuers and acquirers to the potential problem.

MasterCard is working with issuers to identify impacted cardholders and is working with acquirers to identify potential duplicated merchant transactions for expeditious correction. Until further notice, issuers and acquirers are encouraged to follow normal business practices to resolve these duplicate transactions.

An internal PRT (Problem Resolution Team) has been initiated and future updates on this problem will be forthcoming. We also hope to receive a statement from ICVerify/CyberCash with additional information as to the problem, steps toward resolution and anticipated time frames.

Year 2000 Readiness Disclosure CONNECTIONS REPORT ISSUED ON JANUARY 6, 2000, 20:00 GMT, 15:00 EST, 12:00 PST Visa recently became aware of an unusual pattern of duplicate transactions being processed through Visa's clearing systems. Research indicates that some portion of these duplicate transactions are related to certain merchants using application software provided by IC Verify Inc., a subsidiary of CyberCash, Inc As reported by the vendor, IC Verify, Inc., terminal batch files containing transactions from previous day activity since January 1, 2000 are aggregated and repeatedly submitted to the BASE II System for clearing and settlement. Duplicate transactions, as processed by Issuers under standard reconciliation procedures, could result in duplicate transactions being repeatedly posted to cardholder records. The vendor, IC Verify, Inc, is making software upgrades available free of charge via its web site. At present, Visa has dedicated a senior management and operational team to collaborate with Members, processors, business partners, and regulatory agencies to assess the scope of the situation, identify affected merchant locations, develop a resolution strategy, tactical plans, and communicate information to Members and processors. The VisaNet Clearing and Settlement System is designed to detect and identify duplicate transactions in clearing records. This capability has enabled Visa to provide reporting of affected transactions to help expedite corrective actions. As part of normal operating procedures to address duplicate transaction records, Visa notifies Acquirers daily of duplicate transactions and requires them to submit reversals within 24 hours of notification from Visa. At the same time, Visa notifies affected Issuers for them to follow their own procedures in supporting cardholder inquiries. Current duplicate volume being processed through the Visa clearing system does not suggest a need to modify existing business operations. Visa will monitor this trend closely and notify Members as appropriate. Visa will continue to aggressively monitor and work with all business partners in the payment processing value chain to maintain the integrity of the Visa brand and the VisaNet payment processing systems. We will continue to broadcast updates, news and information to you through future issues of VisaNet Customer Connections. In the meantime, if you have any questions, please contact your Account Manager. Alternatively, you may call Account Management Support in Foster City, CA at (650) 432- 1426 or Account Management Support in McLean, VA at (703) 287-1810. Distribut ion: T1 /T2 / ACH / Other VISANET CUSTOMER January 6, 2000 Volume 2 Number 10

-- Steve Davis (Columbia, MD) (Steve@davislogic.com), January 08, 2000.