This story follows on the heels of the post below. It's not about a security problem with a system; it's about how a system is designed to work.
This is a case of "batch" versus true "online" processing. With a batch system, credit card numbers are checked by the bank once a day, say in the evening after the meters are off duty. The parker has already been given his receipt, used the parking, and is on his way. If a card is rejected, the money is lost. In a true online system, the cards are checked every time they are inserted. Of course, that means the meters must either be online all the time or contact the central system whenever a card is inserted (and it might take a few moments to complete the transaction).
So how much could be lost if a few cards are rejected? According to an auditor in Toronto, the city lost about 5% of its $53,000,000 in revenue because of bad cards. The system did not fail; it worked as advertised. The problem is that because they didn't reject the cards when they were inserted, $2.7 million in revenue was lost.
Online systems aren't inexpensive. The infrastructure might not exist in some places. A smart buyer has to weigh the risk against the cost. At 5% a year in lost revenue, how long would it take to recover the additional cost of the online equipment?