**WARNING** Subway Subcards Privacy Issues.

By Steve Biddle, in , posted: 28-Dec-2006 11:03

I've been a Subway fan since they first opened in NZ so was a little disappointed when their sticker program ended earlier in the year but was quite excited when a friend who works there told me it was being replaced by a new swipe card system that would offer a lot of extra benefits.

Sunway launched these cards a few weeks ago but I only got around to picking mine up yesterday and the concept is cool - you buy your goods and card is scanned which credits your card/account with money for every sub you purchase and these can be used towards the purchase of a product once you have a minimum of $3. You will also be able to top this card up over the internet in the new year so it will end up being a prepaid card and there will apparently be lots of bonus points features occuring over time.

You can log into the subway website to view your card balance. The first time you log on you are prompted to enter your personal details including name, date of birth, gender, address, contact numbers and email address.

The scary part? Access to the website is by entering the 16 digit card number and 4 digit security code that is printed ON THE BACK of your Subcard for anybody to see! http://thor.evolution.co.nz/Subway-Customer/Login.html

If you lose your card anybody who finds it now has access to your personal details and can change them instantly online to be their own and also has access to any credit you have loaded onto the card.

Subway say they can replace registered cards

You must notify us immediately by calling [0800 78 222 73] if your SUBCARDTM is lost, stolen or destroyed.  Provided your old SUBCARDTM was registered, we will issue you with a replacement SUBCARDTM and freeze the remaining SUBWAY® Reward Dollars and cash balance on your old SUBCARDTM from the time that you report to us that your SUBCARDTM is lost, stolen or destroyed.

To credit a replacement SUBCARDTM with previously earned SUBWAY® Reward Dollars or a previously loaded cash balance we will require proof of your identity (including photo identification).  The crediting of a replacement SUBCARDTM is at our sole discretion.

But if somebody gets hold of my card and changes my details before I notify them the card is no longer mine because it will have somebody else's details on it so I have absolutely no hope of getting my credit back.

Sorry Subway I think you've blown it big time with your customer privacy this time. Like Pago who fail to impliment security procedures to stop accounts being hijacked you're now exposing your customers private details to anybody who wants to see them. This is simply not good enough. To access the web page users should have been requested to enter an account password which would have been so simple to add at the time the project was developed. Whoever worked as a Business Analyst for this project should go back to school and retrain as something else.

Other related posts:
Have an interest in retail payments and credit card interchange rates? Here’s your chance to have a say.
Fairfax takes journalism ethics and integrity to a whole new low with Stuff fibre
Why are airport taxes and service charges so high on Trans Tasman flights between New Zealand and Australia?

Comment by Carissa, on 7-Jan-2007 05:31

Hello, I am quite familiar with the subcard program. I wanted to add this note. Once you registar your card it can not be accessed by another user with out the user name (typically your email address) and password you create. So in effect this will block the ability for anyone else to log into your card information. Obviously this does not prevent them from trying to use it before you report it lost or stolen. This would be your responsibility to do this as soon as you aware. Thanks.

Comment by Mike Alpha Bravo four nine-er four, on 4-Feb-2007 23:39

Yeah, I hear you regarding the privacy issue, but have you thought about the lack of free subs you get with this new reward system. It's shocking!!!!!! I used to like the dinky little stickers that meant if I bought 8 six in subs or 4 foot long I could go in and get my self a free 6 inch sub. Gone are those days my friend. Nowadays you will more than likely have to buy 28 six inch subs to get a free six incher. Bit of a change there eh? I looked at my balance and worked out you get about 3.5% of the value of your sub in rewards the old system was buy 8, get 1 free which is roughly 8%. So even with the triple rewards points that you can earn in Feb if you register you'll still be short changed :(

Comment by claire, on 30-Sep-2009 19:39

hi i was just wondering how old do you have to be to get a sub card ....????

Add a comment

Please note: comments that are inappropriate or promotional in nature will be deleted. E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.

Are you a registered Geekzone user? Login to have the fields below automatically filled in for you and to enable links in comments. If you have (or qualify to have) a Geekzone Blog then your comment will be automatically confirmed and shown in this blog post.

Your name:

Your e-mail:

Your webpage:

sbiddle's profile

Steve Biddle
New Zealand

I'm an engineer who loves building solutions to solve problems.

I also love sharing my views and analysis of the tech world on this blog, along with the odd story about aviation and the travel industry.

My interests and skillset include:

*VoIP (Voice over IP). I work with various brands of hardware and PBX's on a daily basis
  -Asterisk (incl PiaF, FreePBX, Elastix)

  -xDSL deployments

*Structured cabling
  -Home/office cabling
  -Phone & Data

*Computer networking
  -Mikrotik hardware
  -WAN/LAN solutions

*Wireless solutions
  -Motel/Hotel hotspot deployments
  -Outdoor wireless deployments, both small and large scale
  -Temporary wireless deployments
*CCTV solutions
  -Analogue and IP

I'm an #avgeek who loves to travel the world (preferably in seat 1A) and stay in nice hotels.

+My views do no represent my employer. I'm sure they'll be happy to give their own if you ask them.

You can contact me here or by email at stevenbiddle@gmail.com