Duplicated outward payment



Today I’ve managed to send a duplicated payment through the iOS app (latest version on iOS 12 beta 5).

How to reproduce:

  1. Go to Pay -> Pay and select a payee.
  2. Click Pay.
  3. Enter an amount
  4. The app asks for the password.
  5. Enter a wrong password.
  6. Enter the correct password.
  7. The window remains the same, no confirmation for successful payment is displayed.
  8. Click Pay again and voila, the payment is successful.

I’ve ended up with two outward payments to my credit card account and after a call with Starling it turns out that they can’t recover the duplicated one.

Duplicate payments - closed?
Duplicate payments - closed?

Ouch, that’s not good. Was this the first payment you made to that payee? As I don’t believe it usually asks for your password just to make a payment, only to create a new payee.


This is worrying! @StarlingSupport can you comment on this please?


It wasn’t the first payment made to this payee, however the amount was big >£1K. Maybe that’s the reason it asked for a password.


I’ve been able to recreate this. It seems the animation isn’t playing after entering your password correctly. It played as soon as I hit the ‘cancel’ button and it then sent out the payment.

I’m guessing it would have played and then sent the duplicate payment if you had clicked Pay again.

I’m going to get this raised today


Thanks, Logan, kudos for the quick response! :+1:


As a QA I suggest Starling doing more exploratory testing. I am surprised that a bug as this wasn’t caught early… :robot:


I know I sound like a broken record but I have questioned the development process, including testing and QA, a number of times :unamused:


Correct, you do.


Try contacting your CC provider, they may well refund the duplicate payment - particularly if it puts you into a credit balance.

Worth a shot!


Halifax would do this in a month or so by sending me a check over the post. No, I prefer just paying my rent to the agency with the credit balance :sweat_smile:


I’m surprised that a payment sent due to a bug in the app isn’t covered by some form of protection/recovery scheme, especially since Starling have reproduced the issue


I know someone who something similair happened recently (not with Starling) but essentially their standing order (not direct debit) accidentally went twice.

As it was a standing order there is nothing the Lloyds could do, but a quick phone call to the credit card company and they agreed to send the duplicate payment back.

As much as this is a clearly a software bug, to my knowledge no bank would be in position to recall the money


Banks can try and recall a payment sent in error, whether or not they wish to is a different matter.


Even if there’s no official recall process, surely a refund of an amount paid in error due to software released with insufficient testing comes under the umbrella of “doing the right thing”

Where do you draw the line of taking responsibility? What if there was a bug that caused the cancel button not to work and even though the customer pressed it the payment was still sent?


@LoganAllan is iOS 11 affected?


There is an official recall process though.

It would have been nice of Starling to take a more proactive approach considering its an app problem not a customers mistake as such.


What would you do to improve it?


All payments sent from one bank to another can be recalled if sent in error, its just a hassle and banks don’t want to do it. Plus there isn’t a guarantee so generally banks just say no.


@Joe_Merriman I would need to know what the process is first. There are a plethora of things that would be considered best practice. What testing is carried out? Do they do extensive regression tests? Do they conduct peer reviews of any and all code changes, no matter how small? Is there a dedicated integrity team that controls what goes live and what doesn’t? Is there a written set of coding standards that all developers must adhere to and, if so, how detailed are those standards? How stringent is the version control? …

I’d be interested to know if this bug was introduced recently or if it’s been there for some time and only just been discovered.

Don’t get me wrong - almost all software contains bugs. I’m realistic about that. It comes down to what the ramifications are if a bug gets through into the live system. If you’re building a brochure-style website and you introduce a bug that means the layout is broken, then it’s inconvenient and looks a bit unprofessional but it’s easily fixed and the long term damage is zero. If on the other hand you’re dealing with business or safety critical systems and a bug slips through, the repercussions could be huge - financial or a danger to human life. You would dedicate the required resources commensurate with the criticality of the application and the level of risk you’re happy to take.

I used to work for a global airline and it was drummed into me from day one that if I introduced a bug to the system, it could cost the company £1,000,000 per minute. Needless to say during my time there (several years) I wasn’t aware of a single bug making its way into the live system.

I’d argue that a banking app should be subject to pretty tough standards and controls. It’s critical that payments can’t be made twice in error.