Trouble paying online - secure7.arcot.com not working
Discussion
Having failed to pay two companies with either of two cards (one Visa debit and one Mastercard credit) issued by Natwest, I finally succeeded using a Visa credit card from MBNA. The response "secure7.arcot.com took too long to respond." pops up every time with the Natwest cards even after clearing arcot cookies. Natwest fraud team agent had no idea what the trouble was and ended up saying "use another card" - hardly professional!
Anyone else had this trouble?
Anyone else had this trouble?
I work for a competitor of Arcots. We’ve all 3 (major market players) been suffering DDoS attacks on/off for the last couple of weeks. 3DS (3ds secure, the rails by which online transactions run between merchant and card issuer) is becoming majorly prevalent in Europe because of the psd2 legislation.
Arcot has suffered most downtime out of all this. It’s not clear yet whether they are being attacked more or just less capable to defend. Unfortunately this means many customers of theirs are suffering. Hsbc, capitalOne, Santander, NatWest and some others are arcot houses
We’ve all had significant and unexpected outages. With cardholders transactions timing out.
LBG (including Mbna after acquisition), Barclays, NewDay, vanquis and a bunch of other are with a mix of the other guys.
Arcot has suffered most downtime out of all this. It’s not clear yet whether they are being attacked more or just less capable to defend. Unfortunately this means many customers of theirs are suffering. Hsbc, capitalOne, Santander, NatWest and some others are arcot houses
We’ve all had significant and unexpected outages. With cardholders transactions timing out.
LBG (including Mbna after acquisition), Barclays, NewDay, vanquis and a bunch of other are with a mix of the other guys.
Edited by eltax91 on Saturday 10th April 19:39
motco said:
Interesting, thanks chaps. No wonder NatWest were evasive!
Yeh, ‘use another card’ is the absolute last resort for the call centre. The last thing the bank wants is to have their card back of wallet. It would be very foolish of me or my employer to try and use this for a business advantage, but we have seen the attacks on us stop about a week ago because we did ok with our mitigation. Service outages were minimal, so what’s the point from the attacker point of view. We are certain we will be attacked again, we just don’t know how big or when.
I wouldn’t disclose our customers, but what I will say is that you might want to pop the Mbna card to the front of wallet for a short while.
ETA: not all e commerce merchants use 3ds yet. So your mileage may vary across different merchants and different cards
Edited by eltax91 on Saturday 10th April 21:39
eltax91 said:
motco said:
Interesting, thanks chaps. No wonder NatWest were evasive!
Yeh, ‘use another card’ is the absolute last resort for the call centre. The last thing the bank wants is to have their card back of wallet. It would be very foolish of me or my employer to try and use this for a business advantage, but we have seen the attacks on us stop about a week ago because we did ok with our mitigation. Service outages were minimal, so what’s the point from the attacker point of view. We are certain we will be attacked again, we just don’t know how big or when.
I wouldn’t disclose our customers, but what I will say is that you might want to pop the Mbna card to the front of wallet for a short while.
ETA: not all e commerce merchants use 3ds yet. So your mileage may vary across different merchants and different cards
Edited by eltax91 on Saturday 10th April 21:39
Condi said:
Interesting, thanks. Had the same the other day and ended up using PayPal.
Must be costing the online company's sales though, I very nearly walked away instead of faffing around.
Interestingly on our side we have seen a lot of transactions go through on the first retry. Our DDoS provider seemingly able to be able to spot the difference between genuine and DDoS on a retry. Must be costing the online company's sales though, I very nearly walked away instead of faffing around.
The merchant will do this inside a second or two whilst you watch a bar go around. So for now they are not seeing much lost business.
Still, not a good place to be. Our exec’s have had some pretty difficult customer conversations recently. The volumes we are seeing and the timing of it, without any obvious demands or claims from attackers are baffling though. It’s not clear at all why these attacks keep happening.
eltax91 said:
Interestingly on our side we have seen a lot of transactions go through on the first retry. Our DDoS provider seemingly able to be able to spot the difference between genuine and DDoS on a retry.
The merchant will do this inside a second or two whilst you watch a bar go around. So for now they are not seeing much lost business.
Still, not a good place to be. Our exec’s have had some pretty difficult customer conversations recently. The volumes we are seeing and the timing of it, without any obvious demands or claims from attackers are baffling though. It’s not clear at all why these attacks keep happening.
That's very interesting, does the 3DS retry try a secondary target? Happy to chat offline as i'm in a very similar industryThe merchant will do this inside a second or two whilst you watch a bar go around. So for now they are not seeing much lost business.
Still, not a good place to be. Our exec’s have had some pretty difficult customer conversations recently. The volumes we are seeing and the timing of it, without any obvious demands or claims from attackers are baffling though. It’s not clear at all why these attacks keep happening.
Garemberg said:
That's very interesting, does the 3DS retry try a secondary target? Happy to chat offline as i'm in a very similar industry
In this case i was talking about Merchant retries. Often built into their e-sales systems, before they fall back to non-3Ds and straight to auth. motco said:
It looks as if Paypal is under attack now - I can't check out for an Ebay purchase.
I used it this morning. if your paypal is using your card in the background and eBay/ PayPal are using 3ds, you could still well be running into the same issueHere's the arcot (your bank's ACS provider) status: https://status.arcot.com/ and https://status.arcot.com/history
eltax91 said:
motco said:
It looks as if Paypal is under attack now - I can't check out for an Ebay purchase.
I used it this morning. if your paypal is using your card in the background and eBay/ PayPal are using 3ds, you could still well be running into the same issueHere's the arcot (your bank's ACS provider) status: https://status.arcot.com/ and https://status.arcot.com/history
Gassing Station | Finance | Top of Page | What's New | My Stuff