Hard News by Russell Brown

Read Post

Hard News: A bigger breach?

112 Responses

First ←Older Page 1 2 3 4 5 Newer→ Last

  • Ben Gracewood,

    Ouch. That's rather epic. So somewhere at Auckland City they were storing a list of credit card numbers used by their car park ticket machines. Probably in the clear.

    Why?

    Orkland • Since Nov 2006 • 168 posts Report Reply

  • Gareth Ward,

    Basically, internal systems at Auckland City have been compromised.

    Dear Mr Haxor,
    Could you please remove a few awkward parking tickets under my name while you're mooching around in there?

    Cheers.

    Auckland, NZ • Since Mar 2007 • 1727 posts Report Reply

  • Russell Brown,

    Dear Mr Haxor,
    Could you please remove a few awkward parking tickets under my name while you're mooching around in there?
    Cheers.

    I'm sorry Mikey, I can't do that.

    Auckland • Since Nov 2006 • 22850 posts Report Reply

  • MikeE,

    and while you are at it, I've got a few rates bills...

    Washington DC • Since Nov 2006 • 138 posts Report Reply

  • Stephen Judd,

    I wonder how many other large organisations are about to have an urgent internal review.

    Wellington • Since Nov 2006 • 3122 posts Report Reply

  • Roger,

    On the cancelled credit cards...

    ASB Bank told me that several customers had had fraudulent activity on their cards and that the only vendor that they had in common was ACC Parking, so that seems to back up what the media is saying.

    What really pissed me off though was parking in the ACC Mercury Lane carpark a couple of weeks ago and on leaving - finding a sign saying:

    "Credit cards out of order - see the cashier"

    A little tricky when the Mercury Lane carpark is unmanned!

    The walk back into Queen Street to find an ATM to get cash doubled my parking time... AND parking fee

    Hamilton • Since Jun 2007 • 179 posts Report Reply

  • Gareth Ward,

    I'm sorry Mikey, I can't do that.

    If he'd just held out for a few more weeks he could have avoided the hell of unpaid DJing to first years...

    Auckland, NZ • Since Mar 2007 • 1727 posts Report Reply

  • George Darroch,

    In NZ I've walked around for 2 months with a $20 note in my wallet that I've never touched, because EFTPOS is accepted nearly everywhere with few exceptions

    New Zealand is apparently the most EFTPOS using country in the world. The fee structure for the system encouraged rapid takeup by shopowners encouraged it apparently, but I can't remember the details.

    It took a few months in Australia for me to realise that leaving the house without cash was a bad idea - shopowners generally aren't at all comfortable with using a bankcard for less than $15, and a credit card for less than $20. ATMs exist of course, but high fees for using other banks machines means that it isn't all that reliable. You get very used to having at least $50 in your pocket, and a couple of coins in case you can't break the note.

    One of the places where the cashless economy is developing fastest is actually Africa. The mobile phone sector there is booming - a speaker talks of getting off the plane at Goma, Congo, and having more 3G networks than at home in Maine. As a result, mobile utilising cashless payment systems are booming. I have a fascinating link, but I can't find it at the moment. I'll post it when I do.

    WLG • Since Nov 2006 • 2264 posts Report Reply

  • Roger,

    But they use the metric inch .... (exactly 2.54cm) ....

    One of my biggest pet hates... how difficult could it be to get Microsoft to switch to metric when you set metric! Perhaps someone could start a campaign?

    Hamilton • Since Jun 2007 • 179 posts Report Reply

  • Roger,

    "It took a few months in Australia for me to realise that leaving the house without cash was a bad idea."

    I understand that in NSW at least they still have, and actually use vagrant laws for people with no cash. A friend claims to having recived a ticket in the last 5 years in Sydney.

    Some Australian readers might like to confirm?

    Hamilton • Since Jun 2007 • 179 posts Report Reply

  • Rich of Observationz,

    In some states and some times (California keeps changing the law) you may be asked for a picture ID - they expect a driver's license, some people have never seen a passport and may be confused.

    I just show my Kiwi license and if they quibble, berate them for not knowing the names of all the US states (NewZealand is between Idaho and North Dakota, don't you know that, sir).

    Back in Wellington • Since Nov 2006 • 5550 posts Report Reply

  • Thrash Cardiom,

    Any possibility that the Auckland CC thing is an internal issue rather than external?

    CHB • Since Nov 2006 • 55 posts Report Reply

  • izogi,

    It's one of the main reasons tipping is such a huge emotional trigger for many in the US-it's effectively a voluntary subsidy to prop up someone's salary.

    A few weeks ago I ran into someone who spent a lot of time as a waitress somewhere in the US. She thought something like 80% of her salary came through tips, and that'd be about US$180 on a good night, I think, for wherever it was that she worked. What surprised me, though, was when she explained how the waiting staff are often required to then tip the kitchen staff a portion of the tips they get, about 30% in her case. So if you tip them something for the service, you can't even guarantee they'll get to keep it. And this is why they often prefer tips in cash rather than electronically, since the cash tips can't be traced anywhere near as easily by the restaurant.

    I guess if you live in that system with so many under-the-table expectations that are taboo to talk about, it makes some kind of sense. To me it seems confusing.

    Wellington • Since Jan 2007 • 1142 posts Report Reply

  • Ben Gracewood,

    Any possibility that the Auckland CC thing is an internal issue rather than external?

    I'd say probability rather than possibility.

    Orkland • Since Nov 2006 • 168 posts Report Reply

  • slarty,

    Basically, internal systems at Auckland City have been compromised.

    Why else would the Banks go public? PCI DSS has been laggardly in NZ. It's a commercial arrangement, so you can't force the issue... unless you get a nice healthy breach. In which case you name and shame the weak link...

    Since Nov 2006 • 290 posts Report Reply

  • Scott A,

    Slightly off track.
    The appropriately named 'Your Telecom' service from Telecom has been offline for a week.
    Security breaches ?

    Not for me, Steve. You might need to get in touch with 'em and ask 'em wassup.

    The wilds of Kingston, We… • Since May 2009 • 133 posts Report Reply

  • Rich of Observationz,

    All security is a tradeoff between cost, amount lost and convenience. What our law needs to do, as in other countries is to place the responsibility to make that tradeoff with the banks, who have the ability to make that call. It shouldn't be possible for individuals to lose out as a result of systematic failure.

    Meanwhile, Wikileaks has a shitload of pager messages from September 12th 2001. WTF!

    Back in Wellington • Since Nov 2006 • 5550 posts Report Reply

  • Steve Barnes,

    We get Airpoints on our credit card so I thought it a good idea to use the credit card to pay the council rates. Big mistake apparently. The Council accepted the payment and I thought all was OK, I could pay off the credit card instead of paying the rates in instalments, get the Airpoints and save a bit of money at the same time. Wrong, when I got the CC statement it came up with a Cash Withdrawal for the rates payment, which accrues interest from day one and does not get you Airpoints. So I phoned the Council and was told that they don't accept credit card payments, I phoned the Bank and asked how someone other than me could make cash withdrawals and was told that they couldn't.
    Go figure that one.

    Peria • Since Dec 2006 • 5521 posts Report Reply

  • Russell Brown,

    I phoned the Bank and asked how someone other than me could make cash withdrawals and was told that they couldn't.
    Go figure that one.

    Hmmm ...

    Auckland • Since Nov 2006 • 22850 posts Report Reply

  • Glenn Pearce,

    I phoned the Bank and asked how someone other than me could make cash withdrawals and was told that they couldn't.
    Go figure that one.

    Seriously weird.

    So I phoned the Council and was told that they don't accept credit card payments

    I presume you're talking about AK City. I'm 99% sure they accept Visa or Mastercard for Rates payments.

    You wouldn't be the first person to come across an ill-informed AK City Council Call Centre reprsentative though.

    You should try something really tricky like trying to get a Resource/Building consent or get a street damage deposit returned.

    Although they were very good about the street damage thing in the end, refunding my $500 twice.......

    Auckland • Since Feb 2007 • 504 posts Report Reply

  • Simon Grigg,

    You get very used to having at least $50 in your pocket, and a couple of coins in case you can't break the note.

    And then you have Indonesia, whose banking system (and banking security) exists in never-never land. I had to pay a fairly large sum recently (USD$6700) to the car finance company when I sold the vehicle. In Indonesian terms it was Rp66,700,000 (actually to be precise 66.700.000 as they, for some odd reason, invert commas and full stops..plays havoc with software). I went to the bank and asked if I could have a bank cheque or the like....bemused silence. So how do I pay this? Tunai (cash) she said.

    Thus I was given a large brown paper bag with 1334 Rp50,000 notes to walk the streets of Denpasar with.

    No-one blinks at the idea (or the insanity of all those zeros). People buy houses with cash and only 1 in 5 Indonesians has a bank account, which may well be smart given the relentless banking scams which mostly seem to be accepted business practice for the rich and powerful.

    Just another klong... • Since Nov 2006 • 3284 posts Report Reply

  • Glenn Pearce,

    Auckland • Since Feb 2007 • 504 posts Report Reply

  • Lucy Stewart,

    I'd say probability rather than possibility.

    Depending on what you mean by "internal" (i.e. "person who works there" v. "person with access to flash drive owned by person who works there".) But it's scenario with the fewest caveats, assuming the council's firewalling isn't actually completely useless.

    The hubby and I are going to Kiwicon this weekend, where I imagine this will be a hot topic of discussion - I'm very curious to see what's floating around...

    actually to be precise 66.700.000 as they, for some odd reason, invert commas and full stops..plays havoc with software

    This is a European standard - I imagine it's a leftover from the Dutch.

    Wellington • Since Nov 2006 • 2105 posts Report Reply

  • George Darroch,

    I phoned the Bank and asked how someone other than me could make cash withdrawals and was told that they couldn't.
    Go figure that one.

    Contact the banking ombudsman. It normally does a very good job of resolving problems like this.

    WLG • Since Nov 2006 • 2264 posts Report Reply

  • Simon Grigg,

    This is a European standard - I imagine it's a leftover from the Dutch.

    Ahh, I assumed it was something like that. There are plenty of Dutch hangovers including the almost universal pre-digital invoice numbering system. An invoice will be issued with a number along the lines of INV 2009/VII/HDL/04/KPN/02 which is utterly untrackable in most accounting systems. But then, few use them anyway, relying more on the fact that labour is so cheap it's easier to hire 15 people to work in the office and do it all by hand.

    Just another klong... • Since Nov 2006 • 3284 posts Report Reply

First ←Older Page 1 2 3 4 5 Newer→ Last

Post your response…

Please sign in using your Public Address credentials…

Login

You may also create an account or retrieve your password.