Auckland City is referring all enquiries about how its carparking systems were compromised, leading to the reissue of thousands of credit cards, to Westpac, which is leading the investigation into the incident.
Spokesman Glyn Jones says the council "hasn't been told conclusively" whether skimming or hacking were used to breach customer security. The banks are conducting the investigation into the incident, he says.
Skimming involves fitting fake card readers to ATM and other machines that accept card payments whereas hacking involves accessing back end systems that hold payment data.
Earlier today, a note on the Public Address system website indicated the city's PCI credit card certification was "under serious review".
"Basically, internal systems at Auckland City have been compromised," the leak, attributed to "Mr A. Source", said.
However, Jones says the council has had no indication from the banks that is the case.
"We operate these machines subject to the conditions of the banks," he says.
Those requirements are and always have been met to the best of his knowledge, he says.
Jones says everyone who has been or has potentially been compromised has been or is being approached by the banks.
Users of the Downtown council carpark are having their credit cards replaced due to the breach. Jones says there are no indications other carparks have been affected.
Westpac's Craig Dowling says the investigation into the incident isn't finished and the cards of all people potentially affected are being replaced.
Update: The New Zealand Herald has raised the possibility of a spoofing attack being behind the incident.