The problems limited Paypal's ability to process payments for its parent company, the auction site eBay, as well as thousands of web sites that use Paypal to process online payments. The incident is the latest in a series of outages this month for services that allow web merchants to accept credit cards, several of which have been knocked offline by distributed denial of service (DDoS) attacks.
Paypal's issues appear to be internal, and have had significant impact. "A technical problem with the PayPal platform has caused intermittent errors and availability for members attempting to use the PayPal site since Friday 10/8," eBay said in a notice to members. "Activities such as paying for ended eBay listings, using the Immediate Payment feature, using PayPal shipping functionality, and accessing account information have been intermittently available. Offline use of PayPal debit cards has also been impacted intermittently, and some members have been unable to use them."
Early Friday morning Paypal launched a redesign intended to present "a more intuitive layout." Instead, developers and site operators began reporting errors with Paypal's back-end systems, particularly its Instant Payment Notification (IPN) system, which handles communication between third-party web servers and the Paypal service.
Performance problems continued throughout the weekend, as Paypal and eBay continued to describe the problems as "intermittent" and reassured customers that the problems were being addressed. In an update Tuesday, Paypal said its new code "worked well when tested and during the first hours of launch. Unfortunately, problems handling peak levels of traffic developed later in the day that created intermittent availability and errors for members." The system problems were being widely discussed on eBay community forums, as well as PayPal Developer and Slashdot. Meanwhile, the PayPal Sucks site experienced performance problems of its own as traffic surged. "We are getting hammered here from all those users upset with PayPal, so please be patient," the site told its readers. "The server's a bit slow today."
Redesigns can be tricky business for e-commerce sites, as changes introduce unanticipated consequences in complex systems. Site designs have been known to expose customer data or leave the site vulnerable to cross-site scripting or frame injection exploits that could be used by phishing scams.