risks@CSL.SRI.COM (RISKS Forum) (02/08/91)
RISKS-LIST: RISKS-FORUM Digest Thursday 7 February 1991 Volume 11 : Issue 05
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Re: Enterprising Vending Machines (postal) (Jay Schmidgall, Matt Deatherage)
Re: A risky gas pump [IF YOU CAN STAND IT!] (Donald Lehman, James Helman,
Jonathan Clark, Paul S. Sawyer, Christopher Lott, Guy Sherr,
Michael C. Tanner, Michael Van Norman, Barry Margolin)
The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
"Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM.
FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR> (where i=1 to 11, j is always TWO digits. Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye" logs out.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------
Date: Thu, 7 Feb 91 12:37:24 CST
From: "Jay Schmidgall" <shmdgljd@rchvmw3.iinus1.ibm.com>
Subject: Re: Enterprising Vending Machines (Allan Meers, Risks 11.01)
In RISKS DIGEST 11.03, mjackson.wbst147@xerox.com writes:
> It seems the programmers did anticipate this problem (credit stuck
> in the machine with no means of recovery).
Well, I got to witness a incident quite similar here at my onsite stamp
machine. A person had put in $5 and tried to buy a book of 20 stamps.
Unfortunately, the price was now $5.80 because of the price per stamp increase
and the machine flashed an message "Use exact change" (as an aside, not quite
the response I would have expected, which would have been more like "Insert
additional funds" or some such.) Also unfortunately, the person did not have
an additional 80 with them -- apparently he had just grabbed a fiver to buy
the stamps. Fortunately, someone he knew was around so he asked them if they
had 80. Unfortunately they did not.
When he got back to the machine, I suggested he just buy a book of the old 25
stamps, since it was posted that a purchase was required to get back change.
In fact, it was also posted that a minimum $7 purchase was required to get back
change -- this was a bit unclear as someone had just written it in red ink over
the operating instructions, which were on a roughly 3x5 sticker in small type
on the upper right corner of the machine.
When he tried to get the stamps, the "Use exact change" message flashed again.
He was pretty confused but, having read my RISKS this morning, I had an idea
what was happening. I put in my money to get my stamps (exact change, BTW) and
sure enough, his $5 credit was gone. I got my stamps, explained to him what I
thought had happened and suggested he contact Vending Services to get his money
back. I also fired a note off to the vending person myself, suggesting that
this "feechur" be disabled if at all possible. No response as yet.
Jay Schmidgall RSCS:shmdgljd@rchvmw3 shmdgljd@rchvmw3.iinus1.ibm.com
------------------------------
Date: Thu, 7 Feb 91 13:51:54 -0800
From: <mattd@apple.com>
Subject: Re: Enterprising Vending Machines (RISKS-11.03)
The hotbeds of American technology are not immune to this horrid machine. I
went to the main post office right here in Cupertino, CA yesterday, having
already read the article in Risks 11.01 (happy anniversary!) warning of this
nasty machine. I *intended* to purchase stamps at the window, but made the
mistake of arriving at 4:58 PM -- the service area was already locked, and only
those already inside were being let out. So I went to the vending machine.
Just for fun, I pressed the button for an item without any money in the machine,
and the "SOLD OUT" light *did* illuminate. I didn't take this at face value,
but I decided to risk that there was a roll of 29 cent stamps or two still in
the machine.
Problem: All I had were $20 bills. OK, I thought, even though this machine
had a label on it clearly saying that it will not deliver more than $3.00 in
change, I can put in 3 $20-bills and buy two rolls of 100 $0.29 stamps. Right?
Wrong. It cheerfully accepted my first $20, but rejected the second one with
"CAUTION: USE SMALLER BILLS." Apparently the machine knew that it's most
expensive item was $29 and wouldn't let me insert $40! I had no smaller
bills, and the helpful postal employee in the lobby had a vocabulary limited
to the words "we're closed". Finally, after about 5 minutes of trying to figure
a way out of this mess without having to purchase the entire machine, a postal
supervisor came out and gave me two $10 bills for a $20, enabling me to finish
and be on my way.
(The supervisor, by the way, had only come out to investigate a report that the
machine was not accepting coins, but gave change when he noticed that the
problem I'd encountered had stopped approximately 8 other potentional income
sources from taking their chances with this demonic mechanical contraption.)
--Matt Deatherage, Apple Computer, Inc.
[THIS SERIES OF HORROR TALES IS BROUGHT TO YOU IN THE PUBLIC INTEREST,
ALTHOUGH PUBLIC DISINTEREST IS LIKELY TO ENSUE RAPIDLY. BEWARE. PGN]
------------------------------
Date: Wed, 6 Feb 91 21:20:14 EST
From: dlehman@cyclonic.sw.stratus.com (Donald Lehman)
Subject: Re: A risky gas pump
I remember a setup, similar to what Mr. Grumbine describes, in Sacramento
around 1985 or so. I wish we had something like that around here. I think
this is a case where the benifits outweigh the risks. Unlike voting, buying
gas is something I do relatively often and I want the process to be optimized.
I consider the increased risks (relative to the risks already associated with
credit card puchases) to be minimal.
I respond:
> What verification is there that the card that is authorized is really mine?
None. But my other credit card purchases are not usually validated
either. I think the fair credit acts protect you somewhat.
> What happens if the receipt disagrees with the amount pumped?
Complain. Same as if the human attendant tried to overcharge you.
I would assume that these stations have a human attendant or at least
a telephone available.
> How about if my number is not cleared from the pump's memory and I get
> billed for the entire day's gas from that pump?
This is a risk of any system. The same thing could happen with the
computer at an attended pump. I'm not sure, but I believe that with
modern systems the slips you sign are only looked at if there is a
discrepancy.
> How do I get that receipt if the machine is out of paper? Will is _always_
> know that it can't print _before_ I pump the gas?
I assume these things would be similar to an ATM in telling you if
it can't print receipts, but even if it doesn't, I don't consider it a
big deal. It may mess up your records, but, except for expense accounts,
I can't think of a reason I need to prove that I bought gas. What I
would want is proof that I didn't buy something, but that is practically
impossible.
>Perhaps this gas pump is a harbinger of the 'Americard'. I hope not.
There is a major distinction between the issue of 'Americard'
and credit cards, and that is credit. As I understand it, the
'Americard' is like a debit card in that you don't need to 'agree'
to the charges by paying a bill. Unless you blindly pay what the
credit card company asks, you are protected to some extent. I've
never had to go to arbitration or litigation over credit card items,
so I don't know how powerful the companies may be, but you need to
weigh the risks with the benefits.
Don Lehman | Donald_Lehman@es.stratus.com
Stratus Computer Inc. | Standard Disclaimers Apply
Marlboro, Mass | I speak for myself...
------------------------------
Date: Wed, 6 Feb 91 21:39:45 -0800
From: jim@baroque.stanford.edu (James Helman)
Subject: Re: A risky gas pump (RISKS-11.03)
A similar system is in use in at least one Chevron station on the SF Peninsula
(Belmont). The only difference is that a receipt is always printed, so no
interaction beyond running the card through and pumping the gas is necessary.
Initially, the station attendants were running all around checking things and
said they were having problems. But now it has settled down and is one of the
quicker places to get gasoline.
Personally, I find the convenience to be worth the additional risk. The danger
does not appear to be substantially higher than other electronically entered
transactions, probably less since gasoline purchases are usually modest in
amount and frequency. Perhaps, it's just another good reason to only carry
cards from reputable and responsive banks, just in case of problems.
Jim Helman, Department of Applied Physics, Stanford University, Durand 012
(jim@baroque.stanford.edu) (415) 723-9127
------------------------------
Date: Thu, 7 Feb 91 09:54:29 EST
From: jhc@ulysses.att.com (Jonathan Clark)
Subject: re: risky gas pumps
Completely unmanned petrol (gas) stations have been around in Europe
for at least the last ten years. When I lived in Brussels I used to
patronize them all the time, because:
1) They were open 24 hours a day, 7 days a week; and
2) They were significantly cheaper.
They worked on a bank debit card system (like a money machine card),
and so were just as (in)secure as those. I believe that there was a
maximum amount of fuel that one was allowed to charge in one pass, this
would occasionally lead to drivers of cars with large tanks (V12 Jaguars
spring to mind) having to go through the ritual twice, in order to fill
up completely. As far as I recall one *always* got a receipt.
One of the risks they *reduced* was the possibility of driving away
with the hose still attached to the car. When it's one's own money one
is very careful about closing off the transaction properly...
Perhaps some of our readers currently living in Europe would contribute
some horror stories?
Jonathan Clark jhc@ulysses.att.com, attmail!jonathan
------------------------------
Date: 7 Feb 91 10:20:08 EST (Thu)
From: paul@unhtel.unh.edu (Paul S. Sawyer)
Subject: Re: A risky gas pump (RISKS-11.03)
> [Gas pumps which read credit cards directly] ...
>
>I did not try this 'convenience' out. Just in the time I was pumping gas
>I came up with several _risky_ questions about the process:
> What verification is there that the card that is authorized is really mine?
> What happens if the receipt disagrees with the amount pumped?
> How about if my number is not cleared from the pump's memory and I get
> billed for the entire day's gas from that pump?
> How do I get that receipt if the machine is out of paper? Will is _always_
> know that it can't print _before_ I pump the gas?
>
> There are quite a few that risks readers could come up with. This situation
>does start to merge in to the 'Americard' type of risks as well. Perhaps
>this gas pump is a harbinger of the 'Americard'. I hope not.
> Bob Grumbine
Mobil has been doing this for some time, and it usually seems to work [I only
use my Mobil card on the turnpikes, since they like to charge their regular
customers extra....] They also take debit cards, including some bank teller
cards. The problem is, during the authorization phase, they go for something
like $30-$35. Then, you get $5-$10 worth of gas, and the difference is not
credited until later. [possibly end of day batching?] A local news item told
of a woman who could not get cash from an ATM to buy groceries because she
had just used the card to get gas....
Paul S. Sawyer {uunet,attmail}!unhtel!paul paul@unhtel.unh.edu
UNH CIS - - Telecommunications and Network Services VOX: +1 603 862 3262
Durham, New Hampshire 03824-3523 FAX: +1 603 862 2030
------------------------------
Date: Thu, 7 Feb 91 08:49:33 -0500
From: cml@cs.UMD.EDU (Christopher Lott)
Subject: Re: auto gas pumps
I am responding to the article about gas pumps that take payment;
the author encountered these on the Ohio Tpke.
Maryland has these pumps, and I for one love them. Around here, you
have to pay in advance for non-auto pumps, which in my case means walking
in and handing the attendant my credit card and then leaving it with
him/her for the 5-10 minutes it takes me to fill the truck tank (big tank!).
I feel that the purely human risks of leaving my cc with some joker far
outweigh the tech. risks of trusting the implementor of the pump to have
done the right thing.
Of course I could always use cash! ;-)
chris...
------------------------------
Date: Thu, 7 Feb 91 15:34 GMT
From: NSIL LCM <0004222127@mcimail.com>
Subject: Re: A Risky Gas Pump (devil's advocate)
[comments & disclaimers]
I am not a lawyer, and I do not work at a bank. I am somewhat disheartened that
people simply do not take time to read credit agreements and learn how to
protect themselves. Credit, while not really a friend, can be something of a
robber or "banker in your pocket." I have never appeared in a published article
(and probably won't anytime soon).
[begin response]
It may come as a surprise to our international friends, but it should be noted
that on perhaps the rarest of occasions, proper identification may be required
to complete any transaction with a credit card. The laws governing commerce and
use of demand consumer credit do not place a compulsion before the seller of any
good or service to identify the holder of a credit card as the authorized user.
I personally know of no place, other than a hotel or motel, where the seller is
compelled to discover or validate your identity. Also, in some hotels, credit
issuers agree in advance to a floor limit, which allows the innkeeper to
authorize charges without calling for an authorization (used to be significant,
but has probably decreased with automation). I know these limits exist because
one of my cards was stolen and AFTER it was known to be stolen, it was presented
and accepted for a room (the billing was, I believe, over $200).
Secondly, on the point of agreement between the receipt and the delivery of any
good or service purchased with credit cards, it should be pointed out that every
consumer (in the United States) has the right to dispute any transaction
appearing on his account within 60 days of that charge's first appearance (most
grantors will afford some leeway in this). In fact, the grantor of credit risks
the possibility that the authorized user will dispute valid charges and claim
that the card was lost or stolen. Goodwill and plain honesty go a long way in
the relationship.
Thirdly, given the protection basically held above, receipt failures are not
serious faults. The receipt for expendables like gasoline and food can be
written by hand and used for proof of a transaction (naturally, there is some
penalty for fraudulent receipts which should curb their creation), even to the
point that it is valid for an audit of one's income tax returns. This question
is answered also by the power of a dispute.
Finally, the possibility that a single person might be charged with all the
transactions at one gas pump over a given period is that also where a single
person's bank account should become the target of an ATM gone silly. There is
always that risk, but then there is always a limitation on spending as well.
Banks impose a limit upon an account's daily withdrawls, and upon borrowing with
a credit card.
The real risks of pumping gas are more substantive than economics. Gasoline is
a volatile high explosive. The average car with a full tank has at least the
equivalent explosive potential of 140 sticks of dynamite. A sufficient
discharge of static electricity anywhere on the fragile connection from pump to
filler neck could loose an explosion of no mean displacement (not to mention
during rush hour on a crowded city street).
[end response]
I wish I had something more substantial and helpful to say than "this is a good
list, and I wish I had been reading it before." I don't have, and for that, I
am committing the rest of my life to the pursuit of the Oxford English
Dictionary, if she will have me.
Yours truly,
Guy Sherr, MCI, 12369 Sunrise Valley Drive, Reston, VA 22091 Dept 1076/637
------------------------------
Date: Thu, 7 Feb 91 14:54:33 -0500
From: mtanner@gmuvax2.gmu.edu (Michael C. Tanner)
Subject: Re: A risky gas pump
Bob Grumbine <RMG3@PSUVM.PSU.EDU>, writes about gas pumps that take your
credit card, and don't require signatures, etc.
I've been using pumps like this for some time now. I know there are certain
risks involved, but they are not that great. I accept them in exchange for the
increased convenience.
Some of the issues he raises are easy to address. If it doesn't print a
receipt, you go inside and ask for one and after suitable checking they give it
to you (that's how it works around here, anyway). If the amount is different,
you go inside and talk about it. Etc. Having bought gas this way 50-75 times
in the last 6 months, I have failed to receive a receipt once and had the pump
fail to turn on once. Otherwise, no problems. Not a large sample, I know, and
one bad experience is all it takes, but it looks pretty good.
Another possible risk is that my number gets stuck in there somehow, and
everybody's gas is charged to my card at that pump/station/throughout northern
Virginia/USA for some period of time. But I don't think I'd have much trouble
convincing anyone that I didn't really buy a million dollars worth of gas on
Friday. I'm not convinced this is a real danger.
The only real problem, I think, is that 2 or 3 extra charges per month could
appear on my bill. Since I check carefully before I pay any bill, it's not
likely this would get by me. If it happens once, I can probably get the
charges removed. If it happens regularly it may be more of a problem. So the
real risk is that I get overcharged $20-30 per month, get into a hassle with
the company, and ultimately have a blot on my credit record. My total exposure
is to maybe a $100 or so loss (I can cancel the card and pay it off after 4 or
5 months and have no credit problems). The way I look at it, I run this risk
in simply having the card, whether I accept the credit pump, or have a person
enter the same data into the same computer.
So the way I look at it, I get greater convenience at little or no increased
risk. A nice application of technology, I say.
Michael C. Tanner, Assistant Professor, CS Dept, AI Center, George Mason Univ.,
Fairfax, VA 22030 tanner@gmuvax2.gmu.edu (703) 764-6487
------------------------------
Date: Wed, 06 Feb 91 15:11 PST
From: Michael Van Norman (2) <EGC4MV2@MVS.OAC.UCLA.EDU>
Subject: Re: A risky gas pump (RISKS DIGEST 11.03)
Here in Los Angeles, ARCO has had the same type of service for years.
I have used it for years without any problem. Now in LA you can even
get a hamburger at Carl's Jr. with your ATM card!
> What verification is there that the card that is authorized is really mine?
You enter your PIN after sliding your card through the reader. I
believe that what the authorization entails is a check to see if you
sufficient funds to make a purchase.
> What happens if the receipt disagrees with the amount pumped?
Complain to the cashier.
> How about if my number is not cleared from the pump's memory and I get
> billed for the entire day's gas from that pump?
I have never had this happen (or have heard of it happening) but i have
also wondered about it.
> How do I get that receipt if the machine is out of paper? Will is _always_
> know that it can't print _before_ I pump the gas?
Probably not :)
Michael Van Norman, Library Administrative Computing, 11334 University Research
Library, 405 Hilgard Avenue, Los Angeles, CA 90024-1575 (213)825-1206
------------------------------
Date: Thu, 7 Feb 91 00:40:29 GMT
From: barmar@think.UUCP (Barry Margolin)
Subject: Re: A risky gas pump (from RISKS DIGEST 11.03)
Your tone suggests that this is a new risk. The risks of these gas pumps
are precisely the same as many other uses of credit cards. What makes the
gas pumps any different from credit card telephones? The phones don't even
*try* to print a receipt. And what about giving your credit card number
over the phone to a mail order house? In general, the risk with all these
is that most credit cards don't have a PIN, even though they're being used
more and more for such automatic transfers. But even a PIN won't solve the
"reuse" problems that you identified; to solve these, you generally need a
challenge/response authentication system, probably involving a smartcard
rather than a simple credit card.
> What verification is there that the card that is authorized is really mine?
None. However, if you dispute a charge, the bank will generally remove it.
Your liability is only $50 for charges made on a stolen credit card, and
I think you have no liability for purchases made after reporting the card
lost or stolen.
> What happens if the receipt disagrees with the amount pumped?
I'd go to the attendant and get a refund of the excess charge.
What happens if the pump claims to have delivered more gas than it actually
has? How would you even know, so long as the claim was within a gallon of
your expectation? This relates to a misc.invest discussion I recently
participated in, regarding balancing one's checkbook; someone asked whether
I really trust greedy banks to properly maintain my balance. I didn't
reply, but I was thinking: if they wanted to screw me, they'd be much less
likely to get caught if they skimmed from my interest payments rather than
play games with my deposits and withdrawals, as I'm unlikely to verify
their interest calculations. So I *must* trust them.
> How about if my number is not cleared from the pump's memory and I get
> billed for the entire day's gas from that pump?
Complain and have the charge removed. I don't think any bank would give
you a hard time if you were to dispute a charge for thousands of dollars of
gas from an ordinary gas station.
> How do I get that receipt if the machine is out of paper? Will is _always_
> know that it can't print _before_ I pump the gas?
Who knows? I think my bank's ATM warns about not being able to print receipts.
Barry Margolin, Thinking Machines Corp. {uunet,harvard}!think!barmar
------------------------------
End of RISKS-FORUM Digest 11.05
************************