POLi, Air New Zealand, and Credit Card Surcharges

Air New Zealand. Crazy about rugby… and surcharging customers

Air New Zealand is a quality brand. I like their in-flight snacks, don’t mind paying slightly more for their reputation of reliability compared to their domestic route competitor JetStar, and I appreciate their creative safety videos and the fact they are slightly more interesting to watch multiple times.

Then there is POLi. POLi sounds friendly.

If you can use POLi, it saves you from Air New Zealand’s excessive credit card surcharge fees by letting you use a bank transfer to pay for flights. You can’t use it if you’re in New Zealand and have a Mac. This rules me out. Apparently the Australian POLi now works with Macs fine.

ASB and BNZ </3 POLi

Last year banks started warning against using POLi because the way it operates to verify you are actually paying Air New Zealand and friends is a bit suspicious.

Interestingly, Air New Zealand isn’t even listed in that Stuff article, even though they’re likely the biggest company using POLi in New Zealand, and are featured on POLi’s website.

Providing your log in details to a third party will be in violation of the internet banking terms and conditions you’ve agreed to, and potentially opens you up to being liable for losses.

There is the possibility of an additional motive going on here: banks sell credit and debit cards, and those cards make them money. POLi is quite an attractive alternative because it saves you something like $8 on a return domestic flight.

Air New Zealand’s Surcharging

This surcharging is extortive, misleading, and unlike airplanes that come on time, Peter Jackson spoofs, and free-but-not-really-free cookies, doesn’t endear Air New Zealand to me. Especially on domestic flights.

It’s presented as a transaction charge to recover costs (“Air New Zealand needs to recover this cost”), but it gets charged multiple times in the same card transaction. When I pointed this out to Air New Zealand they ignored me.

Air New Zealand pay something to accept credit cards, but that is not $4 per person flying, per direction they are flying. Instead of passing on the percentage they are actually charged, which Bernard Hickey’s industry experts say would be less than 1%, they charge a fixed fee multiple times in the same card transaction.

A group booking shows how ridiculous this gets. I once flew with a dozen or so people, and each person was charged $4 there, and $4 back, even though the flights were booked over just two transactions. To their credit Air New Zealand refunded close to $100 of fees after I called them.

Air New Zealand even issued a press release in 2008 chastising Pacific Blue for, among other things, their $4 per sector card surcharge because Pacific Blue offered no alternative payment. Kind of like what Air New Zealand does to Mac users. Or what they do to anyone following the advice of banks. (I’m ignoring Airpoints and Travelcard as payment methods because they aren’t accessible forms of payment for a lot of people.)

The ComCom have “investigated” the matter, concluding that the “card payment fee is used to recover all of the direct and indirect costs associated with credit cards payments.” The key word here being indirect, I think.

To be fair to Air New Zealand, JetStar charges $5 per flight for card transactions, but let’s be honest, JetStar are a hot mess, and Australian, and you shouldn’t be booking with them anyway.

Either way, it’s interesting to see these surcharges creep up over time, for cost recovery purposes, I’m sure. Are the airlines poor negotiators when it comes to their merchant agreements? I wouldn’t think so.

To quote ex-Air New Zealand Chief Operating Officer Andrew Miller: “research feedback shows customers are keen for… one easy to understand price with no added levies to the fare”.

Tomorrow: Ticketek, Ticketmaster and their fees (including the emailing-you-a-PDF surcharge). Maybe. Probably not.

Image credit: me

Financial Advice

Here is a New Zealand Herald article that contains some shitty and some good advice about money.

Thumbs down

Buying over renting

Buy property young, preferably in your 20s. Move heaven and earth to get the deposit. Rent is wasted money.

Buying a house is not for everyone. Sometimes it doesn’t make financial sense for a particular person. Insurance, rates, money spent on repairs (~$5k a year) etc. sometimes make renting a better choice. Run the numbers.

Avoid fines

It’s moronic to incur fines. Like the maniac driver in a big red American-style pickup truck who overtook me on State Highway 2 on December 17, just to be pulled over and fined.

Yes, you shouldn’t speed etc. etc., but this doesn’t contain any useful advice if you do get a fine. Actual advice would be to set up an automatic payment account to a ‘Stupid mistakes’ savings account so you have money to pay inevitable fines.

NEVER SPEND MONEY EVAAAA

Every dollar is precious. Think before you spend it.

I regret frittering money on coffees and unnecessary eating out. It would be better to direct that money towards savings.

Needs and wants are often confused. This is perhaps the biggest financial mistake that people make.

If you enjoy a coffee a day, buy a coffee a day. If you enjoy eating out, eat out. There’s no point earning money if you don’t spend it on stuff you love. Cut back on the stuff you don’t care about, optimize existing spending (subscriptions and phone/internet/TV/power etc. plans) and/or earn more money.

Have a budget!!@@111

Track your spending. You can’t budget if you don’t know what you’re spending.

Perhaps the most popular piece of financial advice ever given out. How many people who write this actually do it in practice, I’m not sure. Tracking your spending by typing into a spreadsheet or basically anything with mainly manual entry is doomed to fail. Xero with BNZ, and ASB by itself, both offer spending tracking services within online banking. Or, Xero allows the import of other banks’ transactions. Do mainly electronic transactions (because they can be automatically coded into categories) and use these.

Credit cards

Credit cards make you look rich. Anyone can live well for a few years, but the debt catches up.

Credit cards with benefits that are automatically paid off each month are excellent.

Thumbs up

Judging people

People are too quick to judge others’ financial decisions, me included.

1) No one wants unsolicited advice. 2) You have your own problems to worry about.

Pay bills

Pay your taxes on time. The IRD has a big stick.

Pay all bills on time. Automate them. The IRD and other companies are always up for negotiation around deadlines.

Experiences

Spending money on experiences is good spending. I am eternally grateful that I sold all but one of my shares at age 22 (by coincidence in August 1987) and went backpacking through Latin America. It’s good spending if the experience enriches life.

Yes. Also, give experiences as presents instead of physical things.

Save for things. Automatically.

Save before you buy. A bit of a radical concept in 2011, but it can change people’s financial future.

Enter into interest-free deals cautiously

Interest-free hire purchase deals are for suckers. You still pay an establishment fee and the majority of people fail to clear the debt on time and pay interest anyway.

These places invariably have great clauses such as charging you if you pay anything over the set monthly amount. Once you’ve finished paying the item off you get mailed offers from the company for ever and ever.

Avoid interest

Interest payments on personal loans, credit cards and HP are “idiot tax”. Why throw money away unnecessarily?

Work out how much something will really cost when interest is added before jumping into these. There are calculators online that will help.

KiwiSaver

KiwiSaver is good.

Get in it.

Advice

Take your advice from people who have been through several cycles. Johnny-come-latelies going through their first financial cycle underestimate the risks.

Ask older people what they would have liked to have known at your age. What would they save for if they could turn back the clock?

Read a book

You can learn more about money. The easiest and cheapest way to improve your knowledge is to get a book out of the library.

Image credit: 401k/401kcalculator.org

The Life of a Spam Email

A group of researchers have published a very interesting paper: Click Trajectories: End-to-End Analysis of the Spam Value Chain (pdf). Using three months of spam data and by purchasing over 100 products advertised by spam emails, the researchers followed the life of a spam email and investigated where the money from purchases actually goes. They found that the people behind 95% of spam-advertised pharmaceutical, replica and software products are using just a handful of banks for their merchant services. Anti-spam efforts focus on the delivery aspect of spam, but there is potential for the quantity of spam to be significantly reduced if the banks the spammers are using are targeted.

Purchasing from spam emails

The researchers collected spam-advertised URLs and data about the hosting infrastructure and DNS of the spammed websites. They grouped the sites by content structure, category of goods and affiliate program and/or storefront brand. The study focused on the most popular goods advertised in spam: pharmaceuticals, replicas and software. Pornography and gambling weren’t focused on for “institutional and procedural reasons”.

Purchases were made from each major affiliate program or store “brand” and they tried to order the same types of products from each site to try to gain insights into the differences or similarities in product suppliers that are used. A specialty issuer of prepaid Visa cards teamed up with them and let them use a different card and obtain the authorization and settlement records for each transaction. For legal reasons pharmaceutical purchases were limited to non-prescription goods like herbal and over-the-counter products. Software purchases were limited to products which the researchers already possessed a license for.

120 purchases were made, 76 of which were authorized and 56 of which were actually settled, though half of those failed orders were from one affiliate program which researchers attribute to the large order volume raising fraud concerns.

The honest spammers

A finding I found interesting from the paper is that the likelihood is quite high that you’re not going to be ripped off when ordering through spam emails.

Out of the 56 “successful” orders, 49 of the products were delivered and received. Only seven of the products weren’t delivered. Out of those seven: four sites either sent packages or said they’d send packages after the mailbox lease had ended, one said that the money had been refunded (however the refund hadn’t been processed three months later). Only two “lost” orders received no follow-up email.

The researchers explained the reasoning behind actually fulfilling orders would be so the site would get any potential repeat orders and because their relationship with payment providers could be jeopardized if chargebacks were made by customers who didn’t receive items.

Update: One of the researchers, Stefan Savage, confirmed to me that none of the Visa cards used on the spammed sites were subsequently used fraudulently. It also looks like the pharmaceutical products were legitimate. He says “we only ordered a small subset of goods so any results aren’t representative.  However, we did some limited mass spec testing of a few pills against reference samples and the active ingredient was found to be the same and in a similar proportion — note we only tested for the active ingredient and didn’t look at things like binders, contaminants, etc.” Software was pirated, but malware free.

Research done by F-Secure supports this: almost all of their goods ordered from spam emails were delivered, none of the credit cards they used for orders were “stolen” and email addresses used to order the goods didn’t receive an increase in spam.

New Zealand’s fulfillment role

By volume, most herbal products shipped from the United States, but China and New Zealand were also in the mix.

A Christchurch based company turned up in results—Etech Media Ltd. Ironically, this: Etech Email is the email address listed in their whois record.

Perhaps unsurprisingly, the company in question and its owner aren’t new to the spam game. Sole shareholder and director, Shane Atkinson was fined $100,000 in 2009 for sending spam under the name ‘Herbal King’. His occupation listed in the 2005 electoral roll was “pro spammer”. The Herald “understands” that Etech Media’s office was one of the addresses searched in spam raids in 2007. In 2003, Shane admitted to sending up to 100 million spam messages a day, that spamming allowed him to have a nice car and house and said he “had no qualms about it”. “In a later interview, Atkinson said he had given up spamming.”

Perhaps not entirely?

I’ve emailed Etech Media to see if they’d like to comment.

The spam bottleneck

The researchers tried to identify bottlenecks in the spam value chain—stages where few alternative options are available and ideally where switching costs for spammers are high. Which intervention would have the most impact?

For the 76 authorized transactions, there were only 13 banks acting as “acquirers”. Herbal and replica purchases generally cleared through St. Kitts & Nevis Anguilla National Bank. Most pharmaceuticals through Azerigazbank in Azerbaijan and DnB Nord (Pirma) in Latvia. And most software purchases through Latvia Savings in Latvia and B&N in Russia.

The researchers say that the banking/payment component of the spam value chain is the most critical. Payment infrastructure has “far fewer alternatives and far higher switching cost”.

  • Only three banks provided payment services for over 95% of the spam-advertised goods in the study.
  • There are only two main payment networks in Western countries—Visa and MasterCard.
  • The replacement cost of a bank is high in setup fees, time and overhead. Acquiring a merchant account requires a lot of coordination and time. Banks used by the major affiliate programs were either still the same four months later or had changed to another one in the set identified above (only one new bank appeared four months later—Bank Standard in Azerbaijan).

Perhaps a solution is for banks that issue credit cards in Western countries to refuse to settle card-not-present transactions carrying specific Merchant Category Codes when they come from banks that support spammed goods. All software purchases were coded as Computer Software Stores and 85% of all pharmacy purchases were coded as Drug Stores and Pharmacies. There were some exceptions; however, “generally speaking, category coding is correct”. “A key reason for this may be the substantial fines imposed by Visa on acquirers when miscoded merchant accounts are discovered ‘laundering’ high-risk goods.” A similar policy has been implemented, with MasterCard and Visa not allowing US-based customers to transact with online casinos.
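To make the proposed rule concrete, here is a sketch of how an issuer-side check might combine the three conditions (acquirer, category code, card not present). It is an added example, not code from the paper or from any card network; the acquirer identifiers, the `AuthRequest` fields and the sample transactions are all constructed, and only the two category codes (5734 and 5912) are real MCC values.

```python
from dataclasses import dataclass

MCC_SOFTWARE = "5734"   # Computer Software Stores
MCC_PHARMACY = "5912"   # Drug Stores and Pharmacies
WATCHED_MCCS = {MCC_SOFTWARE, MCC_PHARMACY}

# Placeholder acquirer identifiers (constructed, not real institution codes).
WATCHED_ACQUIRERS = {"ACQ-001", "ACQ-002", "ACQ-003"}


@dataclass(frozen=True)
class AuthRequest:
    acquirer_id: str      # bank clearing the payment for the merchant
    mcc: str              # merchant category code on the request
    card_present: bool    # False for online or mail-order purchases
    amount_cents: int


def should_decline(req: AuthRequest) -> bool:
    """Decline only when all three conditions of the proposal hold."""
    return (
        not req.card_present
        and req.acquirer_id in WATCHED_ACQUIRERS
        and req.mcc in WATCHED_MCCS
    )


def evaluate(requests):
    """Split a batch of authorization requests into (declined, passed)."""
    declined, passed = [], []
    for req in requests:
        (declined if should_decline(req) else passed).append(req)
    return declined, passed


# Constructed sample traffic.
SAMPLE = [
    AuthRequest("ACQ-001", MCC_PHARMACY, False, 4500),  # matches the rule
    AuthRequest("ACQ-002", MCC_SOFTWARE, False, 3000),  # matches the rule
    AuthRequest("ACQ-001", "5999", False, 4500),        # pharmacy sale under another MCC: slips through
    AuthRequest("ACQ-001", MCC_PHARMACY, True, 1200),   # in-person purchase: untouched
    AuthRequest("ACQ-900", MCC_SOFTWARE, False, 9900),  # unrelated acquirer: untouched
]

if __name__ == "__main__":
    declined, passed = evaluate(SAMPLE)
    print(f"declined {len(declined)} of {len(SAMPLE)}")
    for req in passed:
        print("passed:", req)
```

The third sample row is the weak spot: a rule keyed on category codes only catches purchases that are coded correctly, which is why the 85% figure and Visa's miscoding fines matter to how well this would work.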

The paper concludes: “the payment tier is by far the most concentrated and valuable asset in the spam ecosystem, and one for which there may be a truly effective intervention through public policy action in Western countries.” However spam is probably profitable for banks and payment processors too, so they might be hesitant to do anything about it.

How much spam do you receive at the moment and how much makes it to your inbox? Do you know anyone who has bought something through a spam email?

Image credit: freezelight

Whoops

Labour accidentally left a server open for anyone to have a look around, and people looked. Using a website that checks what other sites are hosted on a specific web server, Cameron Slater (Whale Oil) says he found that Labour’s healthyhomeshealthykiwis.org.nz was hosted on the same server as lets-not.co.nz. Healthyhomeshealthykiwis.org.nz turned out to list the files and directories on the server. Drilling down, Cameron found that backups were on the server which contained records of donations and email addresses from Labour’s mailing lists. He explains further in a video on this post.

Stealing?

Comparisons to someone stealing something from an unlocked house (or in one comment I read, looting quaked houses in Christchurch) seem misguided. This is more like someone from Labour standing on the street and accidentally including email addresses and donation information in handouts.

Release of personal information

Cameron was going to, but now has said he won’t release the personal information of individuals obtained from the server, a decision which I support as there is no public interest in identifying the Average Joe donator or mailing list subscriber.

National’s involvement

John Pagani (former senior adviser to Labour leader Phil Goff) was apparently given access to the logs (I’m not sure why it seemed like a good idea to Labour to further spread the access logs, complete with IP addresses) and says that the second IP address to access one of the backup files was 202.20.0.120 which resolves to mail.national.org.nz—a National party mail server. So if that’s true, National knew of the security hole in Labour’s website. In a perfect world, even though it’s not their job to, they would have informed Labour, but apparently chose not to. John continues that the logs prove that National tipped Cameron off about the gaping security hole as Cameron appears to be the next person to access this specific backup file. This is plausible, but isn’t proven by the logs. Neither of the above excuses the fact that the server should have been secure to begin with.

Credit card information

Labour says that “no credit card details were held on the site. All people whose privacy may have been compromised have been informed.”

Flo2Cash who handle Labour’s credit card payments say: “All donor credit card data is fully encrypted… the Flo2Cash system… is completely isolated from the Labour Party website… the recent Labour Party website breach has not resulted in any compromise of donor credit card data.”

Do you think National should have let Labour know about the security hole, or, if they did: tip Whale Oil off about it?