Double-booking glitch at Capital One a red flag for all banks

Over the last several days Capital One experienced technical glitches that caused many customers to be charged multiple times for the same debit card transactions. By Thursday morning, the bank announced on Twitter that the issue was resolved and that all balances should be accurate.

Still, this was a serious incident. Some customers ended up with a negative balance and were hit with overdrafts. For others, it was an inconvenience — they experienced long hold times as they tried to call to find out what was going on and had to cancel their cards and wait for a new one.

For the industry, it’s a cautionary tale about the unintended consequences of giving customers real-time views of their transactions, the need to communicate effectively with customers when glitches happen, and the importance of devoting sufficient resources to core-software testing and maintenance even as IT resources are shifted to innovative new technologies.

What happened

On Wednesday morning, dozens of Capital One customers took to Twitter to complain of erroneous charges on their debit card accounts.

A Capital One spokeswoman said Thursday that the problem was an “internal technical issue” and not the result of fraud or a cyber attack. The issue affected some branch account holders who used their debit cards on Dec. 31, the mistaken charges appeared Wednesday, and they were cleared up Thursday, she said.

One Capital One customer (full disclosure: a colleague of mine at American Banker) over the weekend appeared to have fraudulent transactions on his account that may then have been subject to the multiple bookings.

He received a fraud-alert text message Saturday night saying that unusual activity had been spotted on his debit card. He called and was asked about a list of charges totaling roughly $600 that looked suspicious. He told the call center rep none of the charges were his and agreed to cancel the card. The next morning, he checked his account and saw that there were eleven charges racked up at an out-of-town convenience store, with all but two for the same amount of $32.27.

“That struck me as odd,” he said. “That was the last I heard of it” until he saw a news report on the double-charging Wednesday night and thought they might be connected.

The Capital One spokeswoman said Thursday that this activity was not related to the glitch and that the company intends to look into the case.

The bank had not offered any explanation at the time, he said. The customer service rep said, “Fraud happens — your card could have been skimmed,” he said he was told.

His calls Wednesday night led to a lot of hold time because of heavy call volumes. On Thursday morning, his account had been reimbursed for the full amount. Meanwhile, he’s waiting for his new debit card to arrive in the mail.

“I was annoyed a little but more than anything I was grateful they sent me this alert and that they caught it so quickly,” he said. “But I had my money in my account; it’s not like things started to bounce. For other people it could be a problem.”

The glitch may have occurred in Capital One’s core system.

“There are many processes tied to debit settlement in a financial institution —notices, fees, various online and mobile applications,” said a banker who did not want to be named. “If the fee file ran twice, inadvertently, it could easily explain why they were double charged. The underlying concern is, who's monitoring these large-scale bank processes to ensure this isn't happening daily? What holds banks accountable to ensure they’re not over-charging, outside of customer complaints?”

List of snafus in banking accounts and access in 2017 caused by glitches.

Another source, a former banker, noted that the problem might not be in the core system itself.

“There are a half-dozen hops between the front end clients see and the core, and the issue is most likely at one of those systems rather than the core,” the former banker said. “As banks have moved to services-oriented architectures, that has reduced the dependency on direct core integrations, but it has introduced a number of new points of failure.”

Usually duplicate issues happen in test environments and don’t make it into production, he said. If they do it’s for a subset of customers or account types.

“Capital One has a very strong information systems team, and I don’t think this is a sign of broader issues,” the former banker said. “Just a mistake that will be corrected overnight.”

How the bank responded

On Wednesday, after the initial customer complaints, Capital One issued a breezy tweet:

Thursday morning, it tweeted that the situation was under control.

Yet even after this apology, some customers still seemed upset.

Crisis communication, of course, is always difficult. A breezy tone could put customers at ease, so that they don’t panic. However, appearing to be flippant when money has apparently been drained out of customers’ accounts could backfire.

The former banker who spoke to me for this story recommended the use of personalized messages before and after login. Then “you are communicating with clients directly in the affected channel, and you can alert the client before they notice the issue, which means they will be hopefully less alarmed because they have been warned.”

Capital One says it communicated with customers through its mobile banking app and through online banking in addition to social channels.

Unintended consequence of digital banking

Technical glitches happen in financial institutions — they always have and they always will.

Jacob Jegher, a banking expert and head of strategy at Javelin Strategy & Research, noted that several Canadian banks have had outages in the past few days.

But the transparency brought by online and mobile banking means customers are far more aware of glitches than they were in the past. Before mobile apps came along, many customers would have waited for their monthly statements to see any errors, at which point it might be too late. And errors might have been fixed within the month, so the customers might never have seen them.

Today, mobile app users can see errors as soon as they happen, and they react by hitting the phones and social media.

“My biggest takeaway from this, having spent years focused on digital banking, is that mobile banking is a fantastic tool and it’s beneficial to the customer, because they can be alerted a lot faster to what is happening, in this case double-charging,” Jegher said.

To minimize the pain of this heightened awareness, and of the long hold times at call centers when large-scale glitches occur, Jegher offered an idea: more problem resolution built into the app. The app might let customers review their transaction, right click on one that looks fishy, and click on “dispute this,” thus instigating some kind of error resolution workflow.

“There could be more of a two-way stream where you can be notified as to the progress of the dispute or the flagging of the double-charge,” he said.

Another angle to this story is that Capital One has been an innovator on many fronts. It was the first to have an open API marketplace third parties can use to access customer data. It was one of the first to adopt agile and open-source development methods. It is possible that the focus on innovation has led to reduced attention to basic software testing and maintenance.

“Being able to release new features and functionality is going to be critical, but it has to be balanced with keeping the customer experience intact and offering the right level of service,” Jegher said. “It’s not just a problem with Capital One but with banks in general. It’s a double-edged sword — introducing innovative stuff while maintaining the systems you have in place.”

For reprint and licensing requests for this article, click here.
Debit cards Core systems Mobile banking Online banking Checking Bank technology Capital One
MORE FROM AMERICAN BANKER