Todd's Place

Sorry, it's not me, it's you - Netflix is broken for everybody

5/15/2015


Summary

Netflix payment processing is broken. There are well-known, longstanding, critical bugs in their payment processing system, which they cannot fix. They know this (as their own customer support scripts confirm). Now you do. 

As a computer security expert, I have little or no confidence that their backend server code is written well enough to protect your financial information! Seriously. Treat Netflix like some shady Chinese bitcoin operation and protect yourself. I recommend you never, ever use a debit card with Netflix (potential loss of all bank funds), and if you must use Netflix, watch your credit card (not debit card) statements for when they eventually get hacked. Again.

If you ignore my warnings and decide to go down this rabbit hole, Netflix will waste a tremendous amount of your time. At one point, they will ask for another CC. Do not do this, for the reasons above. Then they could have multiple CC's which are now vulnerable! They will ask you to create another account. Again, then there could be two places where your info is waiting to be hacked. Instead, try the workarounds listed in the last section below.

Details

On May 13th and May 14th 2015, Netflix experienced outages of its payment-processing backend. What this means is that you will enter all your Credit Card (CC) info, and you will get a generic error message like this.
[Image: screenshot of the generic error message]
No matter what you do, neither you nor their customer support people will be able to get it to work. When I called, even their internal customer support payment portal crashed when they tried to manually enter the information. That's not a good sign right there. Strike one for CC security.

Netflix customer support is friendly and they try really hard. I think they are great. However, there is no way the support staff or the engineers can fix your problem. The reason I know this is that they have no information to work with. Look at the error message above. There is no error code at all. As an engineer, where would you start? Bad CC info? Payment processor fail (e.g. VISA's problem)? DB error? Cookie/browser-state error? Backend logic error? Authentication error? Browser bug? Network error? Hmmm. Maybe the customer support or engineers get an error log we can't see? Let's investigate them all and find out!

On May 13th and May 15th, I worked with "Megan" and "Robert" at Netflix support. Again, they were both charming, friendly, hard-working, sympathetic, and they both escalated as quickly as possible. We went through all of the possible causes, and ruled out everything except backend logic error. Just to give you an idea, here is what we learned.

I always suspect my crappy CC companies, so I called them twice, both days. The CC info is correct and the card is working fine. Strangely, no charge attempts were recorded at all, from Netflix. More on that later.

The customer support script is unbelievable. It involves closing 2 or more browsers, clearing all your cookies, rebooting (WTF?!), and trying the login and CC process on the 2 or more browsers. Then you repeat all that on another machine or device! Then you try all that from another network, say, a mobile data network. This takes a while, as you might imagine, for at least 6-8 login and CC submission procedures, minimum. Then they recommend you sign up with a new email and Netflix account. I mentioned that I would lose all my recommendations and movies. They said, yes, sorry.

If Gmail has problems processing payments, they don't require you to open a new Gmail account. Strike two! Again, now you'd have potentially two different Netflix accounts with your CC info, waiting for the bug-addled backend to get hacked. Again.

What CC payment system requires you to reboot your machine? Strike three! That's a huge warning sign right there, that their payment processing system is dangerously bug-riddled.

Then both days, they generously tried to process the CC manually, on their own back end. Not only did this all fail, no error codes or meaningful information were generated. In fact, not a single attempt was even logged! Not one.

No error codes and no event logging. At all. On their own backend systems. For CC submissions. Even if their engineers try to find the bugs, they have no info at all, other than your CC info. Strike four! Here's a question which should give you pause. If they get hacked, again, will they even have sufficient logging to track what happened?

Finally, the common support script seems to indicate that these are known bugs. Critical flaws in their payment processing system are known. Yet no fixes have been made. Perhaps, like the complete backend outage on May 13th, this is just a one-off or transient bug? Alas, while the Netflix support forum seems mum on the issue, we can see that others have had the exact same experience here, since at least September 2014. I was not given a timeframe on when to try again.


This is not surprising. If you have no error info then you can't fix the inevitable bugs, quickly or at all. This means these bugs will accumulate over time. Strike five! The bugs I'm describing are just those that we know now. How many others are known to Netflix yet are unknown to us? How many are unknown to Netflix? This could be just the tip of the iceberg. 

Bonus Strike six! Maybe this is all hypothetical and Netflix's backend is built like Fort Knox? Maybe my concerns are unfounded. Nope. They've been hacked. Stolen Netflix accounts are valuable too. This is not just a theory. Protect yourself.

OK, I'm scared. Hold me. Tell me what to do.

Don't let your Netflix account lapse. If you have CC info stored with them, update it exactly 2-3 months before your CC expires. That part seems to work. Put the renewal date on your calendar, so you don't spiral into CC security hell, like me.

Don't use a debit card with Netflix. Ever.

Don't enter more than one valid CC into Netflix (other than a 2-3 month renewal overlap). If the CC update fails, your other CC's will too, probably, and now you're risking multiple CC's on a sketchy platform.

Consider a service where a unique CC number is generated for each transaction. Fidelity used to offer a CC which did this. There is a company called Abine which does the same thing, although I haven't tried that yet. I'm going to try it now and see what happens. If Netflix gets hacked, then revoke your Abine CC info for that one account? Disclosure: Abine was started by a friend of mine named Eugene Kuznetsov, but I have no other connection with the company.

You can try the insane process of working around it, which may or may not work. Basically, you create a new Netflix account and new email. Add the same CC to that. Change the email from the new one to the old one (may have to call customer support). Then try to log into the old account. Might work!

Use another streaming service. I have Amazon Prime and will use them instead. Amazon has a history of excellent payment security.

UPDATES:

May 25th, 2015: Still broken! Same exact failure modes. Old CC info still saved with no way to delete it. Comforting.
1 Comment
Scott
12/26/2020 12:04:48 am

Grateful for sharing this


    Author

    I'm an applied-math-research Ph.D. and serial startup founder. I am a recognized computer security expert, fortunate to join the ranks of many, great CTO's. I've founded and seed-funded multiple, successful, VC-backed companies. I'm still at it!

    My wonderful wife and I moved from New England to near the Portland Oregon area. We LOVE the Pacific Northwest, and we've been here a few years now. We have an adorable baby girl, Vivi.

    People here are nice and smile a lot. Vegetables are insanely delicious. Driving is not like Mad Max.

    This blog is very Vivi-centric. Our family just can't resist. :) Also, there are some stupid hacking and geek tricks.



Copyright 2012-2021  Todd Brennan