Hard News by Russell Brown

Read Post

Hard News: A bigger breach?

113 Responses

First ←Older Page 1 2 3 4 5 Newer→ Last

  • Steve King,

    My ASB Visa was replaced last week due to the possibility it had been 'compromised', as was a friend's ASB Mastercard.

    Since Nov 2006 • 2 posts Report Reply

  • Rowsell,

    I recently had my credit card "disabled" by the bank and received a new one the next day in the post. The premise being they detected "dodgy" activity on it. Strangely the new card had the same number.

    The Downtown payment machines have now had the CC payment option unavailable for a few days now.

    Auckland • Since Nov 2009 • 4 posts Report Reply

  • Mark Walker,

    I received a new BNZ Visa replacment about 2 weeks ago due to a security concern. When I rang up to find more details I wasn't given many. I was told that certain businesses in Auckland *may* have had a security problem and that BNZ were being proactive in the interests of security blah blah.

    Mangawhai • Since Nov 2006 • 7 posts Report Reply

  • Kiri Carter,

    Me too, but it was more like three weeks ago. ASB visa. A workmate had hers replaced same way, same non-specific reason given.

    I asked an ASB Bank teller and he just said that it's most likely a precautionary measure where they know data has been accessed and they want to make sure there's no fraud. So he was no help.

    I guess if they're still investigating they're going to be a bit cagey about details... anyone got any anonymous sources from the banks...?

    Auckland • Since Apr 2009 • 4 posts Report Reply

  • Russell Brown,

    Righto. Clearly something's going on.

    Auckland • Since Nov 2006 • 22756 posts Report Reply

  • Steve Barnes,

    Ben Gracewood, who's no mug, has suggested that there might be a much larger breach or series of breaches that the banks aren't talking about yet.

    I have often wondered about the security of credit cards. How easy would it be to place a small transaction on all the card numbers that, say, a waiter or checkout worker have collected over the years. When you charge to a card you have the option of stating what you want to appear on their statement, how hard is it to write "Account Charge" or "Card Management fee" ?.
    If the charge is less than $5 most people would dismiss it as just another credit card company "charge" and do nothing about it.

    Strangely the new card had the same number.

    Is the 3 digit security number on the back of the card the same?.

    Peria • Since Dec 2006 • 5521 posts Report Reply

  • Matthew Poole,

    If they're being cagey, I would suspect that there's a big data-matching exercise going on within and between all the main banks. The only reason to keep people in the dark is when you're still hunting. Once the hunt is over, it's safe to let the world know that something like this happened, especially since it makes the banks look good, rather than bad, that they detected it internally and it wasn't their systems that were compromised.
    I doubt we've heard the end of this, either.

    Auckland • Since Mar 2007 • 4097 posts Report Reply

  • slarty,

    You'll never get figures from the Banks around the number of breaches.

    Globally PCI (payment card industry) operate some seriously scary surveillance systems. I get to see these things. I have no concerns about using my card...

    There are surges of activity as breaches tend to be detected in batches - so you will see a raft of cards replaced in clumps.

    The PCI system is continuously under attack (many originate from Eastern Europe). The techniques evolve on a daily basis. Basically it's an ongoing battle.

    A routine approach is to cancel cards that are old and not being used (just because villains tend to either use them straight away, or save up thousands and then do a concerted attack).

    It is fair to say there have been two or three breaches over recent months. The Car Park issue is the most insidious kind, and you need to think carefully about why they did a release...

    Since Nov 2006 • 290 posts Report Reply

  • Mark Walker,

    Is the 3 digit security number on the back of the card the same?.

    My CC number was same too, but 3 digit security number was changed.

    Mangawhai • Since Nov 2006 • 7 posts Report Reply

  • Andre Alessi,

    I have often wondered about the security of credit cards. How easy would it be to place a small transaction on all the card numbers that, say, a waiter or checkout worker have collected over the years. When you charge to a card you have the option of stating what you want to appear on their statement, how hard is it to write "Account Charge" or "Card Management fee" ?.
    If the charge is less than $5 most people would dismiss it as just another credit card company "charge" and do nothing about it.

    Most credit card companies proactively monitor for this sort of thing and suspend your card until you say it's OK to proceed.

    The general pattern for Internet-based credit card fraud is that you'll get a couple of small (1-2 USD) transactions on your card to "test the waters", then a much larger transaction as the fraudster tries to withdraw the money as cash. Banks have gotten better at jumping on those first small transactions.

    I've had my credit card suspended twice while this was investigated (though as far as I know my card's currently active.) The first time, my details had been stolen, but the second time I was signing up to an online gaming service which used a method of charging two small random amounts then having you report those amounts back from your statement to verify that you actually owned the card.

    Devonport, New Zealand • Since Nov 2006 • 864 posts Report Reply

  • Rob Coup,

    My MasterCard got replaced by ASB about 3 weeks ago... they were happy enough to keep it active over the weekend while I was away in Christchurch (they phoned about 3pm on Friday). No details, just said Visa had got in touch about a potential breach, and they were replacing it as a precaution.

    Auckland • Since Nov 2009 • 18 posts Report Reply

  • Russell Brown,

    Ross Anderson at Cambridge University is The Man on the security (or otherwise) of electronic payments systems -- and more recently on peer-to-peer networks and defeating censorship.

    I dealt with him in the 90s when I was writing about the debacle of the Mondex stored-value card system that all the big NZ banks bought into.

    Slarty, I'm guessing you know his work -- if not, he's your kinda guy.

    Auckland • Since Nov 2006 • 22756 posts Report Reply

  • Rowsell,

    Is the 3 digit security number on the back of the card the same?.

    No, I got a new security number on the back. Still if people have access to card numbers there are plenty of places to use a CC # online without knowing the CVV code on the back.

    Auckland • Since Nov 2009 • 4 posts Report Reply

  • dc_red,

    Yep, ASB visa (not due to expire for ages) replaced 2 weeks ago for no obvious reason.

    Oil Patch, Alberta • Since Nov 2006 • 706 posts Report Reply

  • Lee Taylor,

    I knew there was a problem when I started seeing transactions on my account made in Phoenix, AZ a few weeks ago. It was around the same time the machines in the carpark stopped accepting credit cards. Happily ASB issued a new card and refunded the money within a couple of days.

    Auckland • Since Dec 2007 • 3 posts Report Reply

  • Sofie Bribiesca,

    I asked an ASB Bank teller and he just said that it's most likely a precautionary measure where they know data has been accessed and they want to make sure there's no fraud. So he was no help.

    I 'd be happy with that info. Quite informative I would have thought.

    here and there. • Since Nov 2007 • 6796 posts Report Reply

  • Steve Barnes,

    there are plenty of places to use a CC # online without knowing the CVV code on the back.

    Call me old fasioned but I wouldn't touch one of those sites with your credit card.
    ;-)

    Peria • Since Dec 2006 • 5521 posts Report Reply

  • Graham Dunster,

    Both Amex and ASB Visa Platinum cards replaced in the past month by issuers due to fraudulent transactions appearing - train tickets in Sweden, various stuff in Germany etc. All the ones they've told me about have been European transactions. Haven't been asked to honour of these phony 'transactions'.

    Auckland • Since Nov 2009 • 184 posts Report Reply

  • Rik,

    A dozen responses...yet no-one has suggested John Key is behind this conspiracy so far?? Come on centre left, you can do better!

    Since Jun 2007 • 130 posts Report Reply

  • Janet Digby,

    This all sounds very odd.

    Also, I have always wondered about street parking machines where it debits your card without any pin number being entered. This is the case at the airport machines too. They charge like wounded bulls, and so in that case can be $50 or more being charged. What is the point in having the security measures if they aren't always applied?

    I booked a train trip in Italy last year over the internet with my credit card - through the national carrier, Trenitalia. I was stunned to see when I got back from my trip that some bugger had my number and was using it to buy all sorts of stuff in the UK, including a NZ$1000 phone. The bank noted these transactions were fraudulent and hence I wasn't liable, but it was horrible.

    The worst part was the credit card people suggested that they had problems with card numbers after people had made purchases though Trenitalia. I told them that average punters like me would think it was safe to use in this way, with a large national rail company, but they said not. I give up.

    I hear BNZ is phasing in card with a chip, hopefully that might reduce fraud. We seem to be late bringing in the chip cards here though.

    Auckland • Since Nov 2006 • 12 posts Report Reply

  • Steve Curtis,

    Slightly off track.
    The appropriately named 'Your Telecom' service from Telecom has been offline for a week.
    Security breaches ?

    Auckland • Since Nov 2006 • 314 posts Report Reply

  • Steve Barnes,

    A dozen responses...yet no-one has suggested John Key is behind this conspiracy so far?? Come on centre left, you can do better!

    Nah, it was Hone Key who said he could do better.
    We do the truth to power thingy.

    Peria • Since Dec 2006 • 5521 posts Report Reply

  • Revel Drummond,

    Talking about the dodgy use of credit cards.

    I have been travelling in the USA for the last three weeks. I used the BART train system in SF and the Amtrak routes in and out of SF too. To buy tickets just insert your credit card in this handy machine. No authentication required. None. I think I remember doing this in Europe too.

    Auckland • Since Oct 2009 • 3 posts Report Reply

  • Craig Ranapia,

    A dozen responses...yet no-one has suggested John Key is behind this conspiracy so far?? Come on centre left, you can do better!

    Isn't just assumed that John Key is personally responsible for everything even slightly crappy that has ever happened in the whole wide 'verse since just before the extinction of the dinosaurs?

    North Shore, Auckland • Since Nov 2006 • 12370 posts Report Reply

  • Rowsell,

    Call me old fasioned but I wouldn't touch one of those sites with your credit card.

    phew! I am more worried about bad guys using one of those sites with my credit card number :})

    Auckland • Since Nov 2009 • 4 posts Report Reply

First ←Older Page 1 2 3 4 5 Newer→ Last

Post your response…

Please sign in using your Public Address credentials…

Login

You may also create an account or retrieve your password.