Authorities promise to address the problem that affects Myki

Aug 8, 2012 10:55 GMT  ·  By

Most Australians from the state of Victoria who use public transportation acquire their tickets via the contactless smartcard ticketing system known as Myki. The problem is that an error present in the vending machines could expose the credit card details of customers.

According to The Age, when travelers pay for their tickets with credit or eftpos cards, the vending machines ask them if they want a receipt. Due to a bug, even if the individual chooses not to receive one, the machine prints one anyway.

On the other hand, those who ask for receipts are served two copies.

The receipts contain the customer’s full name, nine digits from their credit card number and its expiry date, information that, according to Australian Securities and Investment Commission and credit card companies, should be handled with care in order to minimize the potential risks.

A worst-case scenario is one in which a passenger selects “no” and rushes off before the receipt is printed. The person that uses the machine next can end up with pieces of information that could be highly valuable to a skilled social engineer or an identity thief.

The Transport Ticketing Authority (TTA) has been made aware of the issue and claims that the problem is being addressed. They will also try to reduce the amount of information printed on the receipts, even though it’s in compliance with the electronic funds transfer code.

“The TTA originally believed that the majority of customers would want to have an eftpos receipt to verify their transaction. Real-world experience has shown that many customers do not collect the receipt and leave it in the machine,” TTA Chief Executive, Bernie Carolan, explained.

So far, there haven’t been any signs of misuse and hopefully the TTA will manage to fix the problem before fraudsters come up with a malicious scheme.