Note: This column represents the opinions
of the writer and as such, is not purported as fact
Last night I watched Fair Go and found myself muttering "I knew that would
happen," when it was revealed that a number of people had found unexpected
charges on their credit card statements.
In fact, I had posted this very warning in a message to Usenet
almost exactly a year ago -- perhaps I ought to have included a warning
in this column for the benefit of readers.
While many people refuse to purchase online using their credit cards, for fear
that their valuable card details may fall into the hands of nefarious types,
a good number of them have been oblivious to the risks associated with not
treating each and every receipt as if it were a copy of that card.
The networks that issue these receipts are owned by two main consortiums of
banks and the crazy thing is that they have long known about this vulnerability, yet
did nothing.
Instead of either fixing the problem or advising customers that the risk
existed, they just kept quiet and hoped nobody else would notice (security
by obscurity fails again).
And it's time for a brickbat for Fair Go...
On last night's programme, they said it seemed odd that the banks would
allow this situation to continue when it was they who had so much to lose (since
fraudulent transactions are usually credited back to the card-holder).
BZZZT -- wrong answer Fair Go.
The banks lose NOTHING!
It's the poor unsuspecting merchant who accepted the stolen card details who
ends up out of pocket -- the banks don't lose a penny.
I guess this explains why the banks felt it unnecessary to inform their customers
of the risks or to fix the problem where it existed -- they weren't carrying
any risk.
Doesn't this sound awfully similar to the recent phishing scams that hit
Westpac NZ customers?
As I pointed out at the time -- Westpac knew full well that these scams existed,
having had customers in Australia duped by several waves of such emails and
fake websites long before the first attack on NZ customers. But did they
issue a pre-emptive warning? Hell no they didn't.
So why do the banks continue to treat their customers like mushrooms when
it comes to matters of security?
How many other risks and vulnerabilities exist within the banking system
that the banks consider it more prudent to simply ignore and keep quiet
about rather than actually fix?
Given the *massive* levels of profit that the major trading banks generate,
surely it's not too much to ask that they consider the customers' best interests
once in a while?
Surely it's time that they gave any employee or consultant that advocated
"security by obscurity" a quick trip to the dole queue.