Carpark scam hits thousands

Banks first detected the con when they noticed that the Auckland City Council's Downtown carpark was a common point of purchase on fraudulent credit-card transactions. Photo / Greg Bowker

Thieves have hacked into payment machines at the Downtown carpark in central Auckland and stolen the credit-card details of thousands of people.

The matter came to light after banking systems pinpointed the council-owned carpark as a common point of purchase on fraudulent card transactions.

It is unclear whether the thieves attached a skimming device to the payment machines or accessed the devices' credit-card database internally, in which case those responsible could be overseas.

Westpac Bank, which is investigating the fraud, last night declined to reveal the scale of the problem, but the Herald understands that possibly tens of thousands of credit cards have been compromised and need to be replaced.

A source said the fraud had gone undetected for a long time, possibly years. It has come to light only in the past few weeks.

"How much money has gone missing from these cards is anyone's guess."

The Downtown carpark has 1970 spaces and is owned and operated by the Auckland City Council. It is one of three council carparks with credit-card facilities. The others are the Victoria St and Aotea carparks.

Finance general manager Andrew McKenzie said the council had stopped accepting payment through the machine credit-card facilities at the three carparks. People could still pay by credit card at the cashiers' booths.

He said Westpac had told the council the extent of the problem, but it was a matter for the bank and credit-card companies to publicly disclose.

The bank had asked the council to keep the matter quiet while it conducted an investigation, Mr McKenzie said.

Westpac, Mastercard, Visa and other service providers have been scrambling to deal with the problem.

Westpac media relations manager Craig Dowling said the bank was assisting the council with an investigation of a possible link between fraudulent transactions and credit cards used at the Downtown carpark. The police had been informed.

He said details had been provided to affected banks and, as a precaution, potentially affected cards were being proactively replaced.

"Should any credit card holders notice any irregular credit-card transactions on their account, we ask they contact their bank directly," Mr Dowling said.

Generally, banks and credit-card companies do not make customers liable for fraudulent transactions.

Mr Dowling said that while the investigation was continuing, the bank would not provide any further details. Mastercard and Visa declined to comment.

Mr McKenzie said the council was waiting to hear about changes that needed to be made to the payment machines to prevent a repeat of the problem.

"We have done the things we need to in terms of closing off access to the machines for credit cards, and when they are judged to be safe by the banks people will be able to use credit cards again."

Only 10 days ago, the Auckland City police financial crime unit warned users of cash machine to watch out for another round of "skimming" as sophisticated criminals were targeting ATMs.

The unit said it was aware of three incidents in the previous 10 days where devices were attached to ATMs and security details of customers had been acquired.

A false fascia plate was found attached to an ATM in Ponsonby Rd. It was fitted over the card-slot area and designed to capture card information. Detective Senior Sergeant Hywel Jones said police would check CCTV footage of the area.

Another ATM on Karangahape Rd and one in the Hamilton suburb of Dinsdale were also targeted. More than one bank had been targeted.

HOW THE CON COULD HAVE HAPPENED

Skimming: Attaching a device directly to the payment machine and stealing credit-card information as the card is inserted.
Hacking: Accessing the payment machines' credit-card database, possibly even from outside New Zealand.

TELL US
Are you a carpark fraud victim? Contact newsdesk@nzherald.co.nz