When will NZ banks start taking card security seriously?

By Steve Biddle, posted: 28-Dec-2008 08:38

It's been revealed today that yet another case of ATM card skimming has occurred. This time National Bank machines in Queen St, Vulcan Lane and Parnell, all fitted with "anti skimming" devices, had card skimming attachments fitted and card details taken.

It's well known in the security world that both NZ and Australian banks have some of the most lax card security in the world. This is the reason that New Zealand is now being hit by card scammers - it's becoming increasingly difficult to skim card details in Europe due to enhanced security measures in place. There are also numerous reported cases of European retailers now refusing to accept NZ or Australian credit cards due to the risk of fraud.

So what can we do? New Zealand banks should immediately be replacing all credit and EFTPOS cards with chip cards, which offer a significantly higher level of security than existing magnetic stripe cards, which are very easily cloned. PIN numbers should also be required on all credit card transactions, as is the case in the UK and very soon all of Europe. Chip cards are not entirely foolproof, however. There has been a case in the UK where EFTPOS terminals were physically altered to capture card details and send them via Bluetooth to capture equipment nearby. This was possible due to a fundamental flaw in the architecture of the 3DES security for terminals, which doesn't encrypt PIN numbers between the pinpad and the terminal.

So why don't NZ banks do something? Like everything banks do, it's all about risk management. Replacing cards and upgrading infrastructure to replace mag stripe cards with chip cards costs money. Large amounts of money. It's obvious right now that these costs exceed the amount it costs banks to refund customers for fraudulent transactions. Due to our lax security, New Zealand is now turning into a prime target for scammers, and skimming is a problem that is going to become progressively worse until the tide turns and banks start taking security seriously.

So what can you do? Ensure that your credit card never leaves your sight.

* Don't hand over your card at a service station if they want to hold onto it when pumps are on prepay.

* Don't hand over your credit card at a cafe/restaurant for payment. Take the card to the counter yourself.


* Ask your bank what THEY are going to do to step up their security measures. In particular, ask when THEY will be introducing chip cards for EFTPOS and credit cards issued by them. Remember YOU as a customer are in effect paying for fraudulent transactions, as it's simply part of their cost of doing business and reflected in the charges they pass on to you.

* Check your bank statements carefully. Report any suspicious transactions immediately.

* Be aware of any suspicious activity near ATMs.
