I walked in this morning to find multiple Authorize.net accounts failing all transactions with a General Error. I called Authorize.net around 8 am Eastern and got connected to a woman who said I was breaking up. Then I launched a Live Chat, and Brandon S. told me that I needed to contact my bank. He confirmed that lots of other people were having the errors, but that I needed to contact my bank for resolution. So I called my bank (Wells Fargo) who had no idea what was going on and said to try back at 9 am. When I called again, they admitted they were getting a lot of calls about this but weren’t sure what was going on. Twitter starts lighting up with people reporting similar problems. All for an outage that had been going on since around 4 am Eastern according to our logs.
So now it looks like a First Data change broke Authorize.Net, or the other way around, or in some other way in which I shouldn’t have to care: it still took you half a day to admit that you had a problem and then get it resolved. That’s what happens when you play the blame game instead of investigating issues yourself.
Here’s what you should have done:
You should have noticed a high percentage of these errors occurring during the night.
You should have noticed that they were all related to a particular processor.
You should have alerted that processor, posted a status message to your home page, and alerted your customer service staff.
Instead, you told individual customers to call their banks and fend for themselves. You said, “it’s not my problem.”
This is typical Authorize.Net; time and time again, I see you passing the blame onto someone else:
Instead of implementing two-factor security, you require us to change inane security questions and passwords constantly.
Instead of improving account security through alerts for suspicious behavior, you make merchants sign a release form for ECC because it’s always easier to pass the buck than it is to make your system better.
Instead of improving the very real use case problems with CIM, you let developer complaints on the forums go without action for years.
Instead of making refunds easy to handle like YOUR PARENT COMPANY CyberSource, you document that each individual merchant needs to void and recapture instead of implementing this functionality once, for everybody, yourselves in the API. Which means storing the card details (hi PCI DSS!) or battling CIM.
I’m beginning to think that nobody actually works on customer feedback or new features at Authorize.Net. Instead, it’s all maintenance on a decade-old platform and API that, because it’s been running for this long, there must be nothing wrong with it.
You are setting your company up to be disrupted by a new player. You need to act now by not being a payment gateway but by being a company that simply helps customers accept credit cards, and that means figuring out what’s wrong any time, every time.
Otherwise, you’re just another middleman passing the buck, and you will be replaced.
Thanks for listening.
