In an event that underscores the critical importance of careful procedural testing in the digitized financial sector, payment provider ACI Payments, Inc., along with its parent company, recently settled to resolve substantial allegations of consumer law violations. The violations in question were tied to an inadvertent testing error that resulted in unauthorised attempts to withdraw an incredible $2.3 billion from the accounts of about half a million mortgage borrowers. According to a minority of the country’s Attorney Generals (AGs) who settled with the accused companies, strict protocols had not been followed leading to this unique stumble on their part.
The error took place when ACI was undergoing software testing for its payment systems. Often, software in the financial sector undergoes rigorous testing in a separate environment from the live systems, minimizing the chances of unintended real-world impacts. In this case, however, it appears that there was a major oversight in the testing procedure which led to the erroneous conclusion that the tests were happening in a secure staging environment, when in fact, they were running on the live servers.
As a direct fallout, withdrawal instructions were issued to approximately 500,000 mortgage borrowers’ accounts. Fortunately, most banks flagged these anomalous and potentially fraudulent activities, preventing the majority of the unauthorised transactions; still, some of them ended up being processed, which drew the attention and ire of regulatory bodies.
ACI settled with the coalition of fifty AGs to manage the allegations that they had violated state consumer protection laws and regulations due to the testing error. This serves as a stark reminder for organizations, particularly those in the finance sector where large sums of money are processed routinely, to strictly adhere to operational protocols — especially when they concern procedural testing methodologies.
The potential costs of such errors, both financial and reputational, can be immense. In this increasingly learning-dependent and interconnected world, the importance of maintaining exacting standards of operational excellence cannot be overstated. In that regard, ACI’s costly mishap serves as a valuable lesson to companies across industries, emphasizing the need for diligent attention to system testing and risk management strategies.