In early 2021, a churning-favorite payment processor and US Bank partnered to offer up to $5,000 in fee-free payments to new accounts when using a US Bank credit card through the end of the year. At face value, this was a nice way to meet a credit-card spend bonus and move on, but if that were the whole story we wouldn’t be talking about it today, right? Enter IT.

Bad IT

The software development team’s job was essentially to:

  • Look for US Bank credit card BINs
  • Add up all payments made with those BINs in a counter
  • Charge no fees while the counter is less than $5,000 and the BIN is US Bank’s

The developers did something like this, but they messed up the last step; instead of not charging fees when the card is a US Bank BIN, they didn’t charge fees unless the card was a US Bank BIN. So, as long as you never used a US Bank credit card, the counter would always be less than $5,000 and payments were fee-free. Those experienced with web browser DevTools could even see the counter in backend website requests.
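
One reading of the bug described above, next to the corrected check and a replay audit that would have flagged it. This is an added example, not the processor's code; the BIN, card numbers, fee rate and function names are all constructed for illustration.

```python
"""Added illustration; BIN, card numbers, fee rate and names are constructed."""
PROMO_BINS = {"000000"}   # placeholder standing in for the partner bank's BINs
CAP_CENTS = 5_000_00      # the promotion's $5,000 fee-free allowance
FEE_BPS = 250             # constructed fee rate (2.5%), not from the post


def is_promo(card):
    return card[:6] in PROMO_BINS


def fee_as_shipped(acct, card, cents):
    """Assumed bug: the counter counts promo cards only, the waiver checks the counter only."""
    waived = acct["promo_total"] < CAP_CENTS          # BIN is never consulted
    if is_promo(card):
        acct["promo_total"] += cents
    return 0 if waived else cents * FEE_BPS // 10_000


def fee_fixed(acct, card, cents):
    """Waive only for a promo BIN while the counter is still under the cap."""
    waived = is_promo(card) and acct["promo_total"] < CAP_CENTS
    if is_promo(card):
        acct["promo_total"] += cents
    return 0 if waived else cents * FEE_BPS // 10_000


def audit(fee_fn, payments):
    """Replay payments on a new account; return indexes that break the promotion's rules."""
    acct, bad = {"promo_total": 0}, []
    for i, (card, cents) in enumerate(payments):
        before = acct["promo_total"]
        fee = fee_fn(acct, card, cents)
        may_waive = is_promo(card) and before < CAP_CENTS
        if (fee == 0) != may_waive:   # waived when it should not be, or the reverse
            bad.append(i)
    return bad


# Constructed history: two non-promo payments, promo payments across the cap, one more non-promo.
OTHER, PROMO = "1111110000000000", "0000001234567890"
HISTORY = [(OTHER, 900_000), (OTHER, 900_000), (PROMO, 300_000),
           (PROMO, 300_000), (PROMO, 100_000), (OTHER, 50_000)]

if __name__ == "__main__":
    print("as shipped:", audit(fee_as_shipped, HISTORY))
    print("fixed:     ", audit(fee_fixed, HISTORY))
```

The audit derives what the promotion allows independently of the fee function, which is what lets it catch a waiver condition that forgot the BIN.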

The payment processor figured out their coding error on September 22, 2021 and the promotion worked as originally intended from that day forward. It probably goes without saying, but some churners were able to get quite a bit of volume through the lifecycle of the bug, and it was a sad day when the hole was plugged.


What can we learn from this? A few of these are MEAB classics but there are some specifics too:

  • Always be probing
  • T&Cs aren’t always implemented or enforced
  • Try looking outside of a partnership for partnership promotions
  • If you know how to use web browsers’ DevTools, look at what’s going on under the hood
  • When a company gets basic logic like this wrong, they’ve probably gotten other logic wrong too

Happy weekend friends!

The lead developer’s car in the payment processor’s parking lot.