Coding error at Santander Bank put millions into random accounts on Christmas

I worked for a &quot;systemically important financial institution&quot; (known as SIFIs in the industry). I also worked on critical functionality, like payment processing, wire transfers, etc. Seeing how that sausage was made was eye-opening.<p>One time, there were reddit threads circulating where customers were complaining about logging into their bank accounts then seeing the information of another user. I brought up during stand up, and my team lead freaked out, took me around the corner in the hall way, and screamed at me for 10 mins straight about how I am compromising the security practices of the company (OK, guy). Weirdly, there was not mainstream media attention or any discussion internally. My guess is the policy is to suppress aggressively when flaws become public, especially with security.<p>Given the nature of the financial services business, you would think they would have the highest paid and most competent tech workers, but fuck no. For the most part, we would hook up FOSS components to talk to our legacy back end monoliths (usually mainframe dinosaur machines that should have been extinct a long time ago) and then render the desired output to a web or mobile interface. So the good news is that your security is as good as the open source engineer&#x27;s implementation (which most of the time would be Java &#x2F; Spring &#x2F; Oracle &#x2F; Pivotal, or C#&#x2F; .net &#x2F; MS) bc that is the tooling we would build on. More good news is that, due to risk aversion, things do not change often at banks bc of fear of mistakes (downside being that there is les innovation).<p>In all honesty, I would rather trust amazon, google, or even netflix with my finances over big banks. Except facebook, never trust facebook.

I had something similar happen to me- my compensation included a big incentive bonus based on an annual target, but half was paid out in advance in like June to smooth out the income a bit. One year somebody in payroll royally screwed up and at the half year mark instead of 1&#x2F;2 of the bonus everyone ended up with the full bonus.<p>The insane&#x2F;awesome thing was how they clawed it back. The did require everyone pay back money, but only the money that was left after any payroll deductions. Between taxes, insurance, flexible spending accounts, retirement savings, and some other automatic deductions close to 50% of my pay check is deducted, so I walked off with what was effectively a 2.5% bonus. I was pretty happy to send back what they asked for at that point…

Almost a decade ago I deposited a 10k check at the bank and was told the usual (in my case) that it would take x days to clear. After x days and not even seeing a trace of it in online banking I went to the branch.<p>They were unable to find the deposit or transaction in their system, yikes!<p>Fortunately I had the little receipt they gave me at the time of the transaction and within half an hour 10k deposit was made available but interestingly the deposit did not come from the check writer but the bank itself. Always curious to me. Never got a clear explanation but I would have been SOL without that transaction receipt!

All of the payment system processes are structured around banks rather than individuals . What if a similar transaction error was committed by an individual or a business managed by an individual, the amount of hardship and pain they have to go through , before all those transactions could ever be reversed.

This is not a coding error but partly a configuration error mixed up with poor general routines complemented by bad practice. Also the banking infrastructure doesn’t help.<p>Instead of fixing these issues this incident will most likely change regulations in a way that it will be easier for banks to reclaim funds lost in similar ways in the future.<p>What consequences I can only speculate- but it might very well have severe negative effects.

Alas a lot of people are going to discover that Monopoly&#x27;s &quot;bank error in your favor&quot; card doesn&#x27;t work in the real world :D

Ebenezer Scrooge strikes on Christmas. This is unfortunate I have had something similar happen where I thought the funds were there and spent more money then I had. What happened was Microsoft lost the payment info or something on a laptop I purchased and did not take it from my account for 3 months. I did so much Christmas shopping at the time I honestly didn&#x27;t realize they had not taken it out so I made another big purchase and then all of a sudden they took out $1500 catching me by surprise. Had I realized they did not take it right away I would have not continued to spend as I did. I know I am responsible for keeping track but the way it showed up and disappeared on my banking app honestly confused me initially. I feel sorry for these people who may have thought they had a bit more so made an extra purchase or two and now have this money taken back and stuck with their purchases.

Did they introduce microservices and learned distributed transactional consistency is hard - the hard way?

What is going on with the denial of responsibility? Do you really get to say &quot;oops, don&#x27;t sue me&quot; in advance?

Would be nice if Santander bank can be a real Santa this time and write off the &#x27;mistake&#x27;.

Kids, this is why I did my best to avoid working on Payroll Systems at all costs. So far so good :)<p>&gt;&quot;It ruined my holiday period because I thought I&#x27;d paid out hundreds of thousands in error — I thought I had done something wrong,&quot;<p>But, if you can manage the stress, I would think that position would be very secure.

You&#x27;re not entitled to keep the money, but I always wonder what would happen to the interest if you dumped millions of dollars into your savings account. Do they take that away too?

The HN title says it was a &quot;coding error&quot; but the article title is &quot;Bank accidentally deposits $176 million into people’s accounts on Christmas Day&quot; and the article does not say it was a software error:<p>&quot;The bank said the duplicate payments were caused by a “scheduling issue” that has now been rectified.&quot;<p>It could have been a software bug but it could also have been a human error.

Not following. The recipients received the payments twice. But did the affected business accounts also get debited twice? I&#x27;d assume some would have run out of funds or hit a credit line.<p>I know nothing about how real life banking software works. (I guess I&#x27;m glad not to know...) But I&#x27;d assume the blance of both affefted accounts are updated in an ACID transaction?

So it&#x27;s like Superman III...

I must admit that the brief appearing of a Gringotts gnome with the face of the bank CEO in Harry Potter was a priceless moment.

The title should read as &quot;scheduling error&quot;, there is no mention that I can see of a coding error.

The original link is CNBC as stated in the article. <a href="https:&#x2F;&#x2F;www.cnbc.com&#x2F;2021&#x2F;12&#x2F;31&#x2F;santander-accidentally-put-millions-into-random-accounts-on-christmas-day.html" rel="nofollow">https:&#x2F;&#x2F;www.cnbc.com&#x2F;2021&#x2F;12&#x2F;31&#x2F;santander-accidentally-put-m...</a>