Public Address
Since: Nov 2006
Posts: 1843
Hard News: A bigger breach?
This morning's Twitter buzz around the troubling theft of credit card information received by Auckland City Council carpark pay machines seems to have turned up quite a bit of anecdata around mysteriously cancelled credit cards.
Just heard an Auckland City spokesman on RadioNZ saying that they need to prove to Westpac, Visa and Mastercard that the payment machines are appropriate, or how to "make them appropriate".
This topic also calls for some Bruce Schneier facts.
I don't know who that is (although can guess) but even still those are ace. Kinda like xkcd in text form for me...
Check this out and play spot the difference.
Those are awesome. Whoever came up with them deserves my money :-)
I'm a Bruce Schneier fan .... not quite as fanatic as that previous link though
SSL is a great example - SSL man-in-the-middle attacks are becoming doable
The holes have been there for a decade or so, the knowledge has just become public more recently. The real problem is people ignoring certificate errors, and your average non-techy person will usually pick convenience over caution. Like most security issues, the one thing you can't fix reliably is the user.
I have been travelling in the USA for the last three weeks. I used the BART train system in SF and the Amtrak routes in and out of SF too. To buy tickets just insert your credit card in this handy machine. No authentication required. None. I think I remember doing this in Europe too.
When I visited New York in January I found the whole CC thing very uncomfortable, maybe because of how I've been conditioned. I handed over my credit card at Toys R Us in Times Square, and they were confused about what I was trying to do when I picked up the keypad thingee to start entering a PIN. I'm not sure they even knew what it was for, and I doubt it worked for authorisation, at least. They just got me to sign for approval, which I'm never very comfortable with. Then there's the whole pre-approval sequence in restaurants where you might sign off paying for the meal, but a tip gets extracted after you've left. The whole thing just feels wrong... but perhaps it's just me.
But I was also surprised just how much that whole system still relies on cash-in-hand. In NZ I've walked around for 2 months with a $20 note in my wallet that I've never touched, because EFTPOS is accepted nearly everywhere with few exceptions, and I'm just so used to seeing the amount being charged, keying in a PIN to authorise it, then insisting that I get my EFTPOS receipt back from the retailer. In New York, that idea of electronic smaller transactions seemed inconceivable and credit cards appear to be treated as a big special thing for spending larger amounts, where it's just acceptable to have a flimsy authorisation system because nobody's ever known anything better.
Pins for credit cards are AFAIK unknown in the US - even ubiquitous use of debit cards apart from ATMs and supermarkets is relatively recent - some places still even run cards manually (or a small hotel will just take an imprint) though they get charged more these days.
BTW if you buy petrol and ever get asked by the machine for your zipcode on your foreign card '00000' often works. When you use a credit card in a petrol pump it won't ask for a pin or signature - but may sometimes ask for a zipcode - only some places will take debit cards and will of course ask for a pin.
In some states and some times (California keeps changing the law) you may be asked for a picture ID - they expect a driver's license, some people have never seen a passport and may be confused.
The 'pre-approval' thing in restaurants is largely part of the dance involving tips - it's almost a mating ritual and embedded in the culture, it's normal and doesn't (necessarily) mean they're ripping you off.
Many Americans are confused by our abandoning of our 1/2/5c coins - but we could do it easily (or more easily than them) because we have ubiquitous EFTPOS (and because we include GST in quoted prices rather than adding sales tax in after).
Just thinking
From: Putaringamotu
Since: Apr 2009
Posts: 801
Paul, you're giving them too much credit.
They won't even accept the metric system.
That large hadron collider thing-a-majing in Switzerland appears to be silly bugging around with the banking systems again. I hope it don't vacuum out the Americans like last time.
PINs for credit cards are a very new concept in Canada - only introduced in the last 12 months, and only for Visa as far as I know. Most retailers - including many large ones - still don't have their swipe machines set up for entering PINs, so you still sign most of the time (even when using a PIN-equipped card).
Some stores will ask for picture ID (yes, a driver licence) to go with your signature - but this is rather random, and doesn't seem to relate in any obvious way to the amount being spent. e.g., you might "get ID'd" for a $20 purchase at one store, but not for a $200 purchase at another.
The driver licence thing reminds me of going to a bar in Arizona and trying to order a beer.
"Do you have ID?" -- "Sure," shows NZ driver licence.
"Ummm, do you have local ID?" -- "No I'm a tourist".
"Are you sure you don't have local ID?" -- "Yes, if it's a problem I'll just have a coke"
"Ummmmm.......... I guess it's OK"
But I was also surprised just how much that whole system still relies on cash-in-hand.
Worse than that, "paycheck" is often a literal, not a metaphorical statement in the US, meaning that companies can dick people around by ensuring they get their pay too late on Friday to bank it, leaving the money in the company's accounts for an extra couple of interest-bearing days. It's almost unbelievably antiquated.
The driver licence thing reminds me of going to a bar in Arizona and trying to order a beer.
My partner has an exchange student friend with whom she was trying to get into a Wellington pub a few years ago, using a passport as a photo ID. The bouncer told them that if they were going to forge a passport, they should choose a country that actually exists. Apparently the Republic of Estonia doesn't.
I think she felt very insulted about that, but they went to another entrance without further problems.
Worse than that, "paycheck" is often a literal, not a metaphorical statement in the US, meaning that companies can dick people around by ensuring they get their pay too late on Friday to bank it, leaving the money in the company's accounts for an extra couple of interest-bearing days. It's almost unbelievably antiquated.
The number one "guaranteed to start a flamewar" topic on many American-majority forums is tipping for waiters. "Minimum wage" laws, such as they are (or aren't as the case may be) usually have special allowances for tips received in service industries in many states, such as allowing an employer to count "predicted average tips" as part of a waitperson's wage - so if you are required by law to pay someone (say) eight USD p/h, but you claim they'll get on average 6.5 USD per hour in tips, you only have to pay them 1.5 USD an hour, and they need to work their asses off for the tips that will ensure they get paid what they should (sometimes the employer will have to make up the difference, but this process usually gets dragged out to the point where it's not reliable when you need to pay your rent.)
It's one of the main reasons tipping is such a huge emotional trigger for many in the US - it's effectively a voluntary subsidy to prop up someone's salary.
Paul, you're giving them too much credit. They won't even accept the metric system.
But they use the metric inch .... (exactly 2.54cm) ....
It's almost unbelievably antiquated.
Our best friend in the USA was paid with an actual 'check', had no bank account, and cashed his pay at the liquor store for a fee and some real greenbacks (cheque cashing places are EVERYWHERE in working-class neighbourhoods). He was admittedly an extreme case, but their whole system is just bizarre.
ID: I always had to present a passport because I didn't drive (yes, I did not drive. In Texas. Because I am nuts), and I occasionally got some odd looks and questions, but it was mostly OK.
Tipping: I always tipped 20%, because it was easy to work out and waiting tables sucks. People who broke out their calculators at the table totally freaked me out.
This just in from Mr A. Source:
Auckland City's PCI certification is under serious review which will compromise their ability to carry out any credit card transactions. This will also potentially impact the new Auckland Council. Basically, internal systems at Auckland City have been compromised.
Holy shit.
Ouch. That's rather epic. So somewhere at Auckland City they were storing a list of credit card numbers used by their car park ticket machines. Probably in the clear.
Why?
Basically, internal systems at Auckland City have been compromised.
Dear Mr Haxor,
Could you please remove a few awkward parking tickets under my name while you're mooching around in there?
Cheers.
Dear Mr Haxor,
Could you please remove a few awkward parking tickets under my name while you're mooching around in there?
Cheers.
I'm sorry Mikey, I can't do that.
and while you are at it, I've got a few rates bills...
I wonder how many other large organisations are about to have an urgent internal review.
Roger
From: Takapuna
Since: Jun 2007
Posts: 125
On the cancelled credit cards...
ASB Bank told me that several customers had had fraudulent activity on their cards and that the only vendor that they had in common was ACC Parking, so that seems to back up what the media is saying.
What really pissed me off though was parking in the ACC Mercury Lane carpark a couple of weeks ago and on leaving - finding a sign saying:
"Credit cards out of order - see the cashier"
A little tricky when the Mercury Lane carpark is unmanned!
The walk back into Queen Street to find an ATM to get cash doubled my parking time... AND parking fee
I'm sorry Mikey, I can't do that.
If he'd just held out for a few more weeks he could have avoided the hell of unpaid DJing to first years...
In NZ I've walked around for 2 months with a $20 note in my wallet that I've never touched, because EFTPOS is accepted nearly everywhere with few exceptions
New Zealand is apparently the most EFTPOS using country in the world. The fee structure for the system encouraged rapid takeup by shopowners apparently, but I can't remember the details.
It took a few months in Australia for me to realise that leaving the house without cash was a bad idea - shopowners generally aren't at all comfortable with using a bankcard for less than $15, and a credit card for less than $20. ATMs exist of course, but high fees for using other banks' machines means that it isn't all that reliable. You get very used to having at least $50 in your pocket, and a couple of coins in case you can't break the note.
One of the places where the cashless economy is developing fastest is actually Africa. The mobile phone sector there is booming - a speaker talks of getting off the plane at Goma, Congo, and having more 3G networks than at home in Maine. As a result, mobile utilising cashless payment systems are booming. I have a fascinating link, but I can't find it at the moment. I'll post it when I do.
Roger
From: Takapuna
Since: Jun 2007
Posts: 125
But they use the metric inch .... (exactly 2.54cm) ....
One of my biggest pet hates... how difficult could it be to get Microsoft to switch to metric when you set metric! Perhaps someone could start a campaign?
Roger
From: Takapuna
Since: Jun 2007
Posts: 125
"It took a few months in Australia for me to realise that leaving the house without cash was a bad idea."
I understand that in NSW at least they still have, and actually use vagrant laws for people with no cash. A friend claims to have received a ticket in the last 5 years in Sydney.
Some Australian readers might like to confirm?
Rich of Observationz
From: Back in Wellington
Since: Nov 2006
Posts: 2206
In some states and some times (California keeps changing the law) you may be asked for a picture ID - they expect a driver's license, some people have never seen a passport and may be confused.
I just show my Kiwi license and if they quibble, berate them for not knowing the names of all the US states (New Zealand is between Idaho and North Dakota, don't you know that, sir).
Any possibility that the Auckland CC thing is an internal issue rather than external?
It's one of the main reasons tipping is such a huge emotional trigger for many in the US-it's effectively a voluntary subsidy to prop up someone's salary.
A few weeks ago I ran into someone who spent a lot of time as a waitress somewhere in the US. She thought something like 80% of her salary came through tips, and that'd be about US$180 on a good night, I think, for wherever it was that she worked. What surprised me, though, was when she explained how the waiting staff are often required to then tip the kitchen staff a portion of the tips they get, about 30% in her case. So if you tip them something for the service, you can't even guarantee they'll get to keep it. And this is why they often prefer tips in cash rather than electronically, since the cash tips can't be traced anywhere near as easily by the restaurant.
I guess if you live in that system with so many under-the-table expectations that are taboo to talk about, it makes some kind of sense. To me it seems confusing.
Any possibility that the Auckland CC thing is an internal issue rather than external?
I'd say probability rather than possibility.