h1

Give me space

2009-07-15

If you ever enter credit card information online, you’ll undoubtedly encounter the peculiar request to omit spaces from credit card numbers, such as on this fairly typical form:

Excluding spaces

Now, as an actual programmer of computery software, I see such requests as completely bizarre. There is absolutely no reason whatsoever why you, the human, should have to carefully avoid pressing the space bar while entering a credit card number. Since the bank, to whom this data will shortly be delivered, is expecting a credit card number, and since the bank defines what those look like, they can scrupulously throw away everything else you, or your space-loving cat, types that isn’t 1, 2, 3, 4, 5, 6, 7, 8, 9 or 0.

It’s so easy, that I’d expect any competent programmer to be able to immediately write a piece of code to do this, off the top of their head, with no bugs. If they couldn’t do this in, say, a technical interview for a programming job at bank, they shouldn’t be hired.

In fact, it’s highly likely that the amount of time and effort necessary to place the warning “(excluding spaces)” in the web page is more than the effort required to adjust the software to remove the spaces for you.

Cleaning up the data you receive, such as removing unnecessary spaces from it, is known as sanitizing the data, and it’s not only trivial, but essential if the bank is to have a chance of running a secure and reliable operation.

In my more cynical moods [not at all encouraged by having actually worked in banking operations, he said rolling his eyes], I see the “excluding spaces” request as meaning “our programmers aren’t so good with the sanitizing and the programming and the stuff, so please help them, thanks so much“.

So, with all that in mind, here are not one, but two, stories of what happens when banks apparently fail to remove spaces from a critical value, with hilarious consequential overdrafts.

If you look at both these stories, the amounts of money the poor saps’ credit cards were charged are suspiciously identical: $23,148,855,308,184,500.00. This is the kind of stupid number that immediately makes me want to view it in base 16 (a technically useful way of representing data), in case that provides a clue as to what’s going on.

In base 16, 2314885530818450000 (with the extra 00 on the end meaning cents) is 2020202020201250. That looks a lot to me as if it’s really meant to be 1250 (for example, meaning $12.50 in binary-coded decimal, commonly used in financial systems to represent numbers precisely), but somehow with a pile of spaces stuck on the front (since 20 is a common computer code for space). This is almost certainly the work of a piece of software between the retailer and the bank, which is wrongly padding the value out to fit a fixed-size field for transport (and probably also wrongly changing the type of it too).

But it’s also a sterling example (sic) of why the receiving system should remove unexpected spaces from something that’s intended to be a number, rather than just passing it on to a program that will mishandle it gloriously.

Of course, it would also, maybe, perhaps, be a good idea to make sure that the withdrawal request doesn’t exceed the size of the world economy. But that’s actually harder than just excluding spaces, since the banks think they can get you to do that for them.

About these ads

5 comments

  1. Oh god, that drives me mad too. You also see it with bank sort codes where they won’t let you put in the – character that is actually part of most sort codes.


  2. Of course, a complementary frustration is when a web site’s programmer requires users to enter the space in a UK post code, which is not part of the data either, and not required.


  3. Following on from some fair comments in http://www.metafilter.com/83278/On-The-Importance-of-Overdraft-Protection , I’ve added a clarification about 1250 having to being in BCD if it’s to represent $12.50.

    BCD (binary-coded decimal) is commonly used in financial systems, where precision is more important than space-efficiency. It’s also used internally in old HP calculators for the same reason, and consequently, I’m so used to seeing it that I didn’t think to explain it.

    (Although, if the number is in BCD in the first place, how it would become space-padded is even more interesting.)


  4. @Frank you are wrong about UK postcodes the space is specified in the the relevent British Standard and in the UK Government’s adress data schema. You are right however that virtually every postcode is parsable into outcode and incode without one and it is a good exercise in UX design to not require it.


  5. Spaces are not part of the post code data, they’re only part of its recommended presentation on address labels and such like. This is a separate issue from their input into a form, and why it’s a mistake to insist upon the space, as much as it would be to insist on post codes being entered in upper case.

    As proof that spaces aren’t required, you need only look at the commercially-available Royal Mail post code database (called PAF); it stores all valid UK post codes without spaces. I know, because I’ve written code against it for interactive address look-up. (Admittedly, it doesn’t include the magic post codes for Santa Claus or National Girobank, but they still work without spaces anyway.)



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: