Auckland Downtown credit card scam and PCI compliance

Parking Today’s technology editor, Pete Goldin, posted this week about PCI compliance – the Payment Card Industry Data Security Standard. The PCI Data Security Standard is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. You can read more about the twelve core requirements of the PCI DSS on the PCI ‘News and Information’ page here.

Parking Today’s blog talks about the credit card fraud uncovered (in late November 2009) at the Downtown car park in Auckland, New Zealand, where payment machines were compromised by payment card fraudsters. The breach is believed to have affected more than 100,000 cards (including credit cards, debit cards, and other bank cards used for payment) over a period of up to three years, with the banks staying quiet on the scale of the problem.

The article discusses whether the car park, which is owned and operated by the Auckland City Council, is PCI DSS compliant. When asked, the Council refused to comment on the issue. But Bob Russo, General Manager of the PCI Council, says “in general, we haven’t found anybody who has been breached that has been compliant with PCI DSS at the time of the breach. And that is over the last 3 years that the council has been in existence.”

You can read more about the PCI DSS standard in an article published in ‘Charter’ magazine (the journal of the Institute of Chartered Accountants in Australia), outlining the need for businesses handling card data transmission to comply with the standard, or otherwise face potential fines, increased audits, or possibly suspension of their merchant account facility. Download the article as a PDF here.

Whilst the PCI DSS standard is relatively new – only having been around internationally for three years – this is a timely reminder to all car park owners and operators in Australia and around the world to ensure that their payment card systems are up to date and fully compliant with the PCI DSS standard, particularly in the event of purchasing new equipment.
