PCI recently wrote about the theft of credit card details from payment machines at the Downtown Car Park in central Auckland in November (see previous blog posts ‘Auckland Downtown credit card scam and PCI compliance ’ and ‘Another reason to be PCI compliant’).
The victims of the scam, which had gone undetected for some time, have told the NZ Herald their card details were used to make purchases at the Walmart chain of stores in Phoenix, Arizona, which suggests the hackers are based overseas.
The Auckland Fraud Squad, investigating the case, has confirmed that police had been in touch with the Federal Bureau of Investigation because of the link to the United States. Though the amount of money stolen from the Downtown Car Park customers would be small by international standards, it is thought the hackers could be part of a wider cybercrime syndicate.
Technically, the Downtown Car Park machines are still at risk, so credit card payments can be made only at a staffed booth, which is more secure because the Eftpos system goes directly to the bank.
Auckland City Council has since fast-tracked a $4 million upgrade of the payment machines at the building, and three other inner-city car parks, after breach of the 10-year-old system. The Council hopes to have the new system in place by the end of the year.