Major Pharmacy Software Bug

Date May 24, 2009 by Isaac

The title sounds somewhat like those spam messages I get.  But, this is a real software bug.  One I would consider serious.

Sometimes the most interesting bugs are discovered by pure accident.  I was picking up a few items at one of the United States major pharmacy chains and discovered a flaw in their software.  But first, let me back up and explain something called IIAS.

Inventory Information Approval System (IIAS) is used (or supposed to be used) by all the grocery stores and drug stores through the USA.  When you go to make a purchase of eligible goods using your Flexible Spending Account (FSA) credit card the IIAS is consulted and the register gets a "yes" or "no" on the item.  If the item is eligible for FSA spending and a FSA card is presented for use then only those items given a thumbs up from IIAS are supposed to be charged to the card.  The remaining items are supposed to be paid for by some other means.

At the end of my little shopping trip to the pharmacy I had some items that I knew were eligible for FSA and some that weren't.  After the cashier scanned all the items I swiped my FSA card.  Here's where the accident happened.  The cashier, obviously unaware of FSA cards or the IIAS, was confused by the message her register was giving her.  So told me the card hadn't worked and asked me to swipe it again.  At this point I had no reason to doubt her, so I swiped my card again.  The sale completed and after a brief moment of confusion I realized what had happened.  IIAS and the FSA card authorization system had failed.

What happened was the first time I swiped my card it had actually worked and only the FSA eligible items had been charged to the card.  The cashier didn't know what happened or why the balance remaining was not zero.  So, she thought the card had failed and asked me to try again.  The second time the system should have recognized the card as FSA and that there were no more items eligible items and should have rejected the card.  It didn't.  It allowed the transaction to continue.

This really isn't a life or death bug, but it really is a nuisance.  I had them reverse the charges on the card and then check my items out again.  This time I swiped a different card the second time and everything was happy.  The irritation would come later if I hadn't had them credit the card back.  I would have been contacted and asked to pay back the card for the non eligible items.

This seems like a test case that should have been run but was missed.  Worse yet, it might have been run and a bug filed but never fixed.  I can only speculate why this behavior was allowed, so allow me to rant a bit about a common problem encountered while bug hunting.

By a show of hands how many testers have ever received the "no one will ever do that" response to a bug filed?  Why on earth would anyone swipe a FSA card twice or when no FSA items are pending payment?

A common push-back I've seen from developers is "our users are smarter than that."  OK, so I work on high technology products and our users should be smarter than that.  When it comes to software I don't think it makes a difference how smart your users are supposed to be.  If there is a flaw in the program sooner or later someone will do something they shouldn't have done and the flaw will show its ugly head.  There are certainly going to be higher priorities in many cases, but a wise tester will know when to push to get these "dumb" bugs fixed.

Link Summary

Category Posted in Software Testing, Technology

Comments are closed.