IT Hiccups of the Week: Programming Error Rejects Unsuspecting Oregon Trimet Riders' Credit and Debit Cards for 5 Years

This past week saw a hodgepodge of ICT-related issues. We start off with a long-standing software error affecting the credit and debit cards of some unlucky postcode related TriMet transit passengers in Portland, Oregon.

TriMet Ticketing Machine Software Error Flags Credit and Debit Cards as Fraudulent

For years, officials at Portland, Oregon’s, metro TriMet bus, light rail and commuter rail transit system have been trying to deter thieves using stolen credit and debit cards from purchasing TriMet transit tickets as a way to quickly cash in on their theft before a card is reported stolen. According to a 2011 story at the Oregonian, the thieves' modus operandi is using a stolen card to purchase an $88 TriMet pass at a ticket machine, then selling them for huge discounts in a thriving local black market. The fraud costs the transit system tens of thousands of dollars, the article says, because TriMet has made transactions using plastic so easy that “credit processor Visa requires it to cover the cost of every ticket purchased with a stolen credit card.” In 2012, Visa charged back US $95 389 for fraudulent transactions.

Many legitimate purchasers of TriMet tickets have been feeling the effects of the fraudulent activity as well. For the past several years, a large number of TriMet transit riders have been complaining that when they used their credit or debit cards to purchase a ticket, the purchases were not only declined, but their banks put security freezes on their cards out of fear that they had been stolen. Sometimes the banks would even cancel the cards outright, another story in the Oregonian reported last week.

When riders complained to TriMet about the issue, transit officials told the riders that they needed to talk to their banks about it, not them. The Oregonian stated that, “TriMet assumed problems with riders having cards suspended and cancelled were the result of banks using proprietary fraud filters to stop thieves.”

A classic case of what Oscar Wilde said about assumptions: “When you assume, you make an ass out of u and me.”

What was really behind the false positives? A software error in TriMet’s 215 ticketing machines was flagging the credit and debit cards of riders with a certain zip code as being stolen. This was happening 1000 to 2000 times a month over the past five years, Portland television station KATU reported. The error was finally discovered this January. “A data field was passing something other than TriMet's zip code, causing banks to flag the transactions as risky,” the Oregonian reported.

A TriMet official was quoted in the paper as saying, “After addressing [the error], fraud declines for credit cards users at our TVMs decreased significantly from 4 percent to 0.3 percent.”

TriMet issued a roundabout apology for the error, which was buried in a press release detailing the steps the transit agency is taking to reduce another issue angering its ridership, namely the notorious unreliability of its ticketing machines. TriMet suggests in its release that until machine reliability is improved (hopefully this summer), riders should not depend on the machines to purchase a single ticket at the station, but to instead carry a book of pre-bought tickets just in case.

Software Problems Disrupt Austrian Electricity Grid

There was an intriguing but short on detail story last Friday by ICIS, which bills itself as the world's largest petrochemical market information provider, reporting that “several Austrian electricity plants …[had] to be redispatched manually rather than automatically on 3 May.” The reason: “...a sudden flood of data overloaded the control systems in certain regions of the transmission and distribution grids.”

 Dispatching means “determining which units a power system operates (or ‘dispatches’) to meet the demand for electricity.”

According to ICIS, “Because of the delayed expansion of the transmission grid in Germany, excess wind power generation in the north needs to flow through the neighboring countries and often re-enter the German system through Austria in the south. The transit flows pose a problem to the system security in many of these countries.”

In April, Reuters published a story that discussed the effects of these transit flows and how the Czech grid operators are planning steps to protect its electric grid against German wind power surges. The story notes that German law prohibits “its grid operators to turn off renewable sources at times of excess production.”

The volume of data generated on 3 May created a situation that the control software could not handle properly, which then led to what was termed to be a “software failure.” Left unexplained was why the data volume was so high, given that it was a “quiet day,” where German wind and other renewable power generation was low. Also unexplained was why the failure of the control system software affected so many different Austrian electricity plants.

Hacking of the electricity grid has been ruled out, and investigators speculate that one reason the problem spread was that the Austrian electricity plants were all using the same control system software. The ICIS story said that if it hadn’t been a quiet day, the disruption could have become one of critical proportions for several countries' power grids.

Chrysler and GM Recall Vehicles for Computer Problems

Last week, there were two computer-related recalls. The first was by GM, which is recalling 42 904 Chevrolet Malibu Eco as well as Buick LaCrosse and Regal sedans equipped with the “eAssist” mild hybrid system from the 2012 and 2013 model years. The announcement came in a GM recall letter (pdf) to the U.S. National Highway Traffic Safety Administration (NHTSA).

According to the GM letter, “These vehicles may have a condition (pdf) in which the generator Control Module (GCM) may not function properly. This could cause a gradual loss of battery charge and the illumination of the malfunction indicator light.”  If driver ignores the light, the vehicle’s engine may stall or not start, and in extreme cases, a Reuters story says, the eAssist system’s circuit board may overheat and lead to a fire in the trunk. Two such fires (but no injuries) have been reported to GM .

Most of the incidents have occurred within the first 1000 miles of operation, GM says.

Chrysler announced late last week that it would soon recall 469 000 Commanders made from 2006 to 2010 and Jeep Grand Cherokees made from 2005 to 2010. Chrysler says it needs to install a software update intended to prevent unintended roll-aways after the cars are started—as has been the case for some drivers using remote starters.  

According to a Detroit News story, cracks in some of the vehicles’ circuit boards cause the transmission of “compromised signals that enable inadvertent gearshifts to neutral.” A software reflash, which took six months to develop and test, will fix the problem, Chrysler says.

So far, 26 crashes and two injuries have been attributed to the problem.

GM and Chrysler stated that the fixes will be performed at no cost to vehicle owners.

Atmos Energy Customers Charged 10 Times Too Much

We close this week with a story from televion station KDFW in Dallas-Fort Worth, that concerns Atmos Energy charging some 39 000 customers across eight states who make automated payments as much as 10 times the correct amount.  The company said that one of its credit card processing vendors misplaced the decimal point.

An Atmos Energy spokesperson apologized and stated that the company will, “reimburse [customers] for the overcharges [and] reimburse them for any fees that they might incur from this.”

In a case of exquisite timing, the billing problem occurred right along with the upgrade of Atmos' customer service system, which KDFW says meant “a slower than expected response to the flood of inquiries from angry customers.”

Also of Interest…

Computer Problems Once More Causing Long Delays at Kansas Driver's License Office

Washington D.C. Police Computer Systems Restored After Network Outage

J.C. Penney Coupon Code Creates “Free” Towels and Washcloths Rush

Thousands of AIB, Permanent TSB and Ulster Bank Customers Unable to Access Cash After Bank Card Glitch in Ireland

Software Issues Led to Late Papers at Maine’s Augusta Chronicle

Photo: TriMet

Related Stories

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 

Newsletter Sign Up

Sign up for the ComputerWise newsletter and get biweekly news and analysis on software, systems, and IT delivered directly to your inbox.

Advertisement
Advertisement