Another day another card fraud… New Zealand Car Parking Machines Compromised

Posted in General on November 25, 2009 by newideasconsult

Another day and yet another card fraud uncovered. Auckland City Council is a little red-faced after being warned that cards have been skimmed in one of their larger car parks in downtown Auckland.  Don’t laugh yet, as they are only the first of many I predict who will see this type of attack escalate.  ATM devices are getting harder to skim and easier to simply blow up for their cash, so any other unattended devices taking card payments are the next big thing for card fraudsters.

Fantastic one this one as it finally alerts authorities to stop believing hardware manufacturers who sell them systems clearly designed to be compromised!  Car park systems that simply read your card to bill you for payment should have been left in the 1990s when authorities and private car parks could trust the public with insecure card systems.  To have an unattended system that processes a payment from your card without any verification today is, simply put, STUPID!  Yet we see almost every car park around the world using them.

Nice thing about South Africa is that we always follow what is fashionable or what the big technology brands manage to shove down our throats with a few extra golf days and a lunch or two, so it cannot be a surprise that South Africa, like New Zealand, offers the public the same wonderful automated payment process at their public car parks.  In fact these state-of-the-art systems have been rolled out at our lovely new airport parking extensions from Johannesburg to Cape Town (Durban too?).  Nothing like popping your parking ticket into a slot where it gets swallowed, checked, then held while the same slot then needs your card to process the calculated parking payment, and then have it spat back at you, all in one smooth action.

Wait, no cardholder verification required? Nope, none, nada, nothing!  We are living in 2009 and trust you completely, so much so we even put these systems at our airports for the fraudster’s convenience so that they can fly in, commit their crime, and fly out again to the next city and their next target.  Nothing like customers demanding convenience to make us do stupid things in terms of payment systems.  We need to ensure things are secured as soon as possible here in South Africa, and we need to ensure it is done before the World Cup or we will see the same old and I bet wonderful new attempts from our local and international call-a-fraudster groups at hacking all those foreign high value credit cards on unattended systems such as the parking kiosk.

I can hear some readers of this post thinking why all the nonsense over a compromised parking ticket fee or card payment? Card skimming is pretty sophisticated, so you can bet that cards being skimmed are pretty much communicated to fraudsters abroad in seconds, printed and encoded onto new cards, and then used within hours abroad on a terminal where signature is the only thing needed to verify the ‘cardholder’, or even better online with e-commerce sites that do not verify the user.  So your parking ticket payment of ZAR25.00 at Cape Town International airport at 10am on a Tuesday in South Africa, can actually be costing you US$300 (ZAR2,220) for a 2am club entry in LA, or worse…

Google releases the first Chrome OS code… cue the doomsayers!

Posted in General, Standards, technology on November 21, 2009 by newideasconsult

I just love how we are as human beings, especially the geek brigade.  Whether IBM, Microsoft, Apple, Novell, any Linux distro, and now Google, we are always either completely in love or completely out of love with their product/service, and highly complimentary or highly critical!

This past week Google made more news and made some code of the upcoming Chrome OS available, making it very clear that this is still pre-alpha stuff, just to get us warmed up to the idea. No sooner had the day ended than out came the doomsayers (doomsayer – ‘One who predicts calamity at every opportunity.’ – thefreedictionary.com), and we have blogs and articles all over the web stating how Google missed it, how Chrome OS is dead before it has even begun, and how Chrome OS will take down Microsoft, or how Microsoft will take down Google, and so on and so on and so on.  Btw, if you want to know my personal favorite, it has to be Randall C. Kennedy’s Why Chrome OS will fail — big time … EISH! and you have to be South African to understand that I am not complimenting him here at all!

With Microsoft it was the same, remember Bing?  Wow, we saw all kinds of comments coming out of the woodwork on that one, no matter that for once Microsoft started getting it right with the move to a single search platform within their offerings, or that the data on usage in those first weeks had very little to do with Bing’s ultimate success as a search engine and more to do with people trying out the new platform.

Doomsayers are always going to be around, but these days of instant reports over multiple mediums, pretend experts, self promoting blogs, reporters writing reports based on the opinions of other reporters who heard news from unnamed often unverified sources, tend to lead to some seriously misguided comments!   And since when have we become so cynical that we shoot down new ideas even before they’ve truly been tested?  Imagine hearing about two brothers who made bicycles for a living believing they could FLY!

Are companies also guilty here? Possibly, watching Apple over the years they seem to have a trick to successfully release news of new ideas, concepts, services or products, though they too have not been spared this treatment.  I don’t think Google is perfect in how it does that either, and so too Microsoft or even Apple.  With the ease with which people can publish their own thoughts on anything these days (you’re reading mine right now) controlling how these new concepts or products are written about in better and more accurate ways, may become the issue for public debate, but it is something we as geeks can improve on here and now.

Like Google Wave, Chrome OS already suffers from public hype, the perceived solution that it is not, and I wonder just what is going to happen when finally it is released to the world.  For the greater part of that hype we the geeks are to blame.  There is so much misconception from the very crowd of people others look to for balanced opinions, that it is depressing to me to think what these doomsayers are doing when they are not writing such drivel.

Can you imagine being an owner of a company where these individuals work, and the critical decisions they make on your behalf?  Just imagine how many dollars their opinionated choices have already cost you, because they prefer to follow their own opinion instead of conducting a ‘fair evaluation’ of a new solution without bias?

When a product is put out to the world in code for a collaboration or comment so early on in its development it would be nice if we could all put our collective efforts into trying it out and making constructive comments about the code, the intended functions that are or are not delivered, and the resulting user experience only, instead of acting as the town-criers that we are not and prophesying biased drivel.

We all suffer from this habit of isolating ourselves into camps, don’t we? Geeks and technologists are so guilty of this, myself included, but lately I have realized that when it comes down to it, no product or service is perfect, no brand saintly, and no consultant worth his or her salt should pretend otherwise.

We should be ‘cross-platform, open-minded individuals’ who look at the problems experienced by our clients, their budget and resource constraints and then to the pool of available solutions or solution components that could offer them relief without taking brand bias with us into that decision-making process.

The EU will not be the end of Microsoft, Bing does not mean the end of Google, Chrome OS does not mean death to all other OS’s, and Google’s Phone won’t kill Nokia or iPhone for that matter.  Logic must prevail when we offer opinion, we must base what we say on fact, and we must know when to say the things we do.  If we do this our integrity remains intact and those who value our opinions become better informed and make better choices.

Twitter?

Posted in General on November 21, 2009 by newideasconsult

Ok, here’s my issue with Twitter. Why?

Do we really need this ‘new’ concept of communication? Am I in the minority here or is this a service that, though possibly exciting to some, seems somewhat spare and even frustrating? In fact to be honest I find it similar to spam, as irritating, and terminated my overeager original registration made in those first months after their launch when we all acted like Twits and signed up.

I get status reports of similar frequency and length from networks like Ning, Linkedin and of course Facebook. Possibly for these reasons I have not yet missed being a Twit. Anyone else feel the same way?

Chrome OS code released into the open!

Posted in General on November 19, 2009 by newideasconsult

Google today released code of their much anticipated Chrome OS, though it is still very much alpha at this stage. According to Google the code cannot be considered beta or production, but the current version of the code will allow developers to understand, design and develop for Chrome OS as it is today. If you are interested in getting your grubby little hands on it as I have, go to chromium.org, download the depot tools and then the code version you want. Like Android this could be the start of a very good ‘friendship’…

Spanish credit card fraud leads to big German card recall

Posted in General on November 18, 2009 by newideasconsult

Having over 100,000 cards recalled in Germany as a result of possible fraud in Spain shows just how serious this breach could be. Whilst it is still not possible to know who the Spanish card processing company is, I can imagine one of two scenarios: 1. a local processor switching terminal transactions for merchants within Spain itself, or 2. a processing company switching Internet transactions. It is also possible that the staff members concerned somehow sold off card details or used them in fraudulent transactions themselves. None of this is known and in none of the actual articles the past few hours are any real details made known, other than the German card recall. For issuers to recall cards the breach has had to be serious enough, and so I expect the news to get worse as the investigators start uncovering the facts.

Aggressive Sales Tactics on the Internet and Their Impact on American Consumers

Posted in General on November 17, 2009 by newideasconsult

The Internet has suffered from various issues since its inception, but none so frustrating as those caused by one of its biggest attributes, cardholder-not-present transactions, namely virtual merchants and their sales tactics. I guess pixels make sales transparency a hard thing to substantiate when it allows virtual businesses to spring up overnight, representing any number of real individuals or corporations or products or services, quite often without any intention to satisfy their customers’ requirements or needs, and designed to extract the maximum fee for doing so. Pixels have made setting up business very easy, and even more so the setting up of commercial traps for the inexperienced consumer.

In the past various programs by honest merchants or by consumer bodies have attempted to control and expose such businesses and their nebulous promises of instant customer satisfaction.  Of these types of businesses hardest to control has been the online discount club or membership clubs that offer all kinds of rewards in exchange for monthly subscriptions.  Millions have been raked in from consumers seemingly in a hurry to join the fray and enjoy their benefits, except that the consumers mostly seemed to have been fooled or tricked into signing up, and now turn out to have been less than happy about their memberships.

Well done to the US Senate Committee on Commerce, Science & Transportation who have today released the results of their investigation into these clubs and their tactics.  It is about time consumers have someone fighting on their side.  Having been in the payments industry for the past 9 years, I had first hand experience in dealing with business people who felt quite justified with such tactics and often very offended when we pointed out the problems we saw with their business model.  Rejecting them completely in terms of switching their transactions made sense to both my colleagues and me as the methods of their revenue generation off unsuspecting customers were very clear to us.  Too many such ‘clubs’ have stolen millions from consumers over the past 10 years and the US government’s attempts to block and finally stop such practices can only be highly commended.

Now if we can just convince Canada to do the same…

 

Thebe Investment Corporation – Hello?

Posted in General on November 12, 2009 by newideasconsult

An amazing thing happened this morning whilst I tried accessing www.thebe.co.za, the web site for the mighty Thebe Investment Corporation. It was down, with the error: ‘The connection has timed out. The server at www.thebe.co.za is taking too long to respond.’! Other Thebe sites worked perfectly, but their corporate home pages were not available for browsing for some reason. Ping’d and found them, but still no response to a general browse request.

Thebe, hey, I’m ringing your virtual door bell! And this post is me knocking on your virtual door! Can someone hear me?

Seriously, this happens all too often with corporate sites in South Africa. DoS’s aside, staff should be trained to make checking their sites a number one priority each and every day they come to the office and leave in the afternoon again. A simple check to ensure that they are actually live AND accessible from an outside IP (outside their company domain or network that is).

Small gripe I know, but hey, I had to write something this morning!

Paypal’s open payment API for developers

Posted in General, technology on November 8, 2009 by newideasconsult

It’s a busy time for Paypal X Integration Center what with the news of an open payments API doing the rounds.  The concept is good and opens the door to 3rd party projects that could expand the system’s use and application significantly.  I do believe that this method of collaboration always benefits the customers in the end.  Google taking their Checkout product into the community from day one proves the point quite well, as 3rd parties, quite often employed by competitors, rushed to comment on and test the Checkout product for Google, which in turn improved their offering to what it is today.  Kudos to Paypal for taking a similar approach!

To apply for the documentation and user access, you will need to visit Paypal’s Developer Central and check it out for yourself after applying to participate.  By the way, the site can also be accessed at the very easily remembered URL, x.com.

ICANN International Domain Names coming in November 2009

Posted in General on October 31, 2009 by newideasconsult

This rather extended title refers to ICANN’s decision to allow domain name extensions, specifically for country or region specific extensions initially, to be registered in non-Latin characters or international characters.  This represents a major step away from the use of Latin based characters for the DNS and opens the door, albeit a small bit initially, to millions of users around the world who never use Latin characters in their everyday lives.  Large population groups will now be able to use their native or national language in its original form to register their domain names with, a major step in the right direction in my opinion and one more step away from US dominance of the ICANN as an organization.  Since releasing ICANN in terms of US ownership or control, the organization has been actively moving into a more international role focusing on bringing its services and the DNS to everyone around the world, regardless of culture, language or creed.

[Totally tongue in cheek here, but...]

In South Africa it means we can finally use Khoisan for ours, since it is the oldest language of the original people of this country, the basis of our nation’s collective spirit (bushmen, the last of the San people, are very hardy friendly folk), and the language used for this country’s official motto.  Though it is so prominent, it does not take an expert to know that very few South Africans have a clue how to read or pronounce Khoisan, but that does not seem to stop us from using it as we have.  It just looks so impressive when written into slogans or inscribed onto buildings or embedded into country emblems, just take a look at our country’s Coat of Arms to see what I mean:

Coat of Arms South Africa

(The motto of the coat of arms – !ke e:/xarra//ke – is in the Khoisan language of the /Xam people, and means “diverse people unite”, or “people who are different joining together”)

So our national domain should reflect the same I think – something like southafrica.!ke or southafrica.e:/x – truthfully I cannot tell you where a Khoisan word starts or ends, even in South Africa I would need one of a very few Khoisan language experts to advise us on that, or a Bushman of course.  I may say it as ‘southafrica.“click click tsk tsk tsk click”’ or something sounding that way, since the Khoisan languages sound so much like tongue clicks repeated amongst other sounds in various tempos and with variable accents. Ultimately the San people would now be able to spell a domain exactly as they speak it, and we fellow South Africans would be able to look on with embarrassed pride at how good it looks without being able to read or speak it.

Regardless, this is a silly explanation of what the ICANN decision will lead to, and not at all the right one, but it is meant to show that everyone now would be able to use, spell and read their national domains in their own characters reflecting their own language, even the Khoisan of South Africa!

Fundamo in Pakistan

Posted in technology on October 17, 2009 by newideasconsult

Telenor Pakistan and the Tameer Bank announced this week (Oct 14th) that they are launching branchless banking based on the Fundamo product.  This is a wonderful achievement for a team from South Africa who have long strived to deliver their quality product abroad.  Well done also to Telenor Pakistan and the Tameer Bank for selecting a truly South African solution for their mobile banking project.