Internet security flaws have forced a closedown of website toll payment facilities for the Northern Gateway motorway between Orewa and Puhoi, less than three weeks before its opening date.
After shutting the payment section of the $365 million toll road's website yesterday, the NZ Transport Agency admitted it had done so because of flaws pointed out to the Herald by computer experts.
It said the toll payment system was set up "without all the necessary security features".
The agency has until January 25 to plug the security hole, but more than 900 motorists have sent credit card or bank details over what it now admits was an insecure internet link to set up toll payment accounts.
That follows a marketing blitz by the agency to get motorists booked in early to the $27.8 million "free-flow" electronic collection system, which is run through the national motor vehicle registry centre in Palmerston North.
The system works through cameras mounted on gantries near the Orewa end of the 7.5km toll road, which will photograph number plates and match the images through the registry.
Those who do not have accounts will be required to pay their tolls - $2 for cars or $4 for trucks - within three days of using the road, either through a freephone number (0800-40-20-20) or at kiosks at either end of the road.
When told by the Herald on Monday of computer industry professionals' concerns, vehicle registry centre manager Brett Dooley said he was confident the website was secure.
All the banks set up for website transactions had "verified and certified all our banking arrangements", he said.
Even so, Mr Dooley acknowledged then that changes would be made to the website to assure motorists their credit card details would be safe from computer hackers.
That was because the on-line form on which motorists were asked to post their details lacked two indications that they would be protected by encryption - an "https" in the website address and a padlock icon at the bottom right of the page.
But last night, the agency said it regretted the fact "that comments given to the Herald yesterday incorrectly stated that the site was secure before these changes have been made."
"NZTA is making changes to the toll road website to improve the security of the on-line payment facilities," it said.
"While these improvements are being made, the facility for setting up pre-paid accounts on line will not be available."
The agency said it would contact all those who had already set up accounts over the internet to advise them of the problem. Motorists were still able to set up accounts by calling the freephone number.
A spokesman said last night the agency did not know of any attempt to hack into the system.
The agency did not yet know how long it would take to restore the facilities, or whether it could be done before the road opened for use on Sunday January 25.
North Shore computer programmer David Williams, who alerted the Herald to the security lapse, said last night he was relieved it would be fixed before more motorists handed over their credit card details.
He suspected the glitch occurred because of a rush to have the facilities ready before Christmas.