Nearly a year since a flaw was revealed in NZ Post’s “Prezzy” Visa card, the card is still open to misuse.
In January, Computerworld ran a story about a user who was able to make multiple online purchases that exceeded the value of the card’s credit.
Prezzy cards can be purchased at any NZ Post shop in amounts up to $500. But there is no need for the purchaser to register the card, so anyone can buy anonymously online above the amount deposited, leaving the retailer to carry the cost.
A Wellington businessman recently returned from an overseas trip tells Computerworld he used a Prezzy card for incidental expenses at a hotel, which exceeded the value on the card. He will, he says, recompense the amount but is concerned that anyone can do this.
A NZ Post spokesperson says the card conforms to Visa operational rules.
“If the merchant is offline, they need to make a phone call to check the balance,” she says.
“If they don’t, they wear the loss. “These are standard Visa rules.”
In January, Computerworld reported Tony Hughes, of Hastings, had discovered the Prezzy card’s inadvertent “overdraft facility” when buying tracks in Apple’s New Zealand iTunes music store. Hughes says he only had $3.80 left on his card of the $30 originally deposited on it, but found that the balance didn’t change after he had paid for purchases.
He then tried another online retailer with a smaller transaction, and again noticed that the balance didn’t change. Hughes then put through a transaction for an amount larger than the remaining balance on his card and was surprised to discover that the purchase was authorised by the online retailer.