QR code scam in station car park

Status
Not open for further replies.

Revilo

Member
Joined
13 Jan 2018
Messages
283
At Chiltern Stations, you can pay for today, tomorrow and maybe a week's parking at the TVMs.

Not sure if it's an urban myth or not, but I've heard that the Moderator of the Church of Scotland has an Equal BIK to the Head of the Church of England. Neither are required to display a registration plate on their cars as a consequence of their job.

Apparently this is causing increasing problems for the Moderator when trying to pay for parking.
What is an Equal BIK?
 

bluenoxid

Established Member
Joined
9 Feb 2008
Messages
2,473
Apparently, it is the Lord High Commissioner to the General Assembly of the Church of Scotland who has this vehicle number plate privilege during the Assembly (about a week). They are the monarch’s representative to the event.

BIK = Benefit in Kind
 
Joined
28 Feb 2009
Messages
203
Apparently, it is the Lord High Commissioner to the General Assembly of the Church of Scotland who has this vehicle number plate privilege during the Assembly (about a week). They are the monarch’s representative to the event.

BIK = Benefit in Kind
To be pedantic, a BIK is something of monetary value other than money (and usually taxed as such). What you are describing is simply a benefit, or a privilege, if you will.
 

AlterEgo

Veteran Member
Joined
30 Dec 2008
Messages
20,834
Location
No longer here
At Chiltern Stations, you can pay for today, tomorrow and maybe a week's parking at the TVMs.

Not sure if it's an urban myth or not, but I've heard that the Moderator of the Church of Scotland has an Equal BIK to the Head of the Church of England. Neither are required to display a registration plate on their cars as a consequence of their job.

Apparently this is causing increasing problems for the Moderator when trying to pay for parking.

Did you hear this down the pub? That’s demonstrably untrue.
Apparently, it is the Lord High Commissioner to the General Assembly of the Church of Scotland who has this vehicle number plate privilege during the Assembly (about a week). They are the monarch’s representative to the event.

BIK = Benefit in Kind
That sounds more like it.
 

route101

Established Member
Joined
16 May 2010
Messages
10,698
I am a bit wary of using my card at TVMs/car park machines especially if they are unsupervised. Who knows if the contactless reader is rigged?
 

mrmartin

Member
Joined
17 Dec 2012
Messages
1,020
Very clever scam which sort of really makes QR codes useless for any payment flow invitation. You could also easily do this in pubs and restaurants which have order at your table.

These QR codes when genuine rarely go to the company's site, but some 3rd party (often thru a URL shortener). So basically impossible for an end user to verify if the webpage/app is genuine.

And unlike most other scams, you're already expecting to pay for something and put your credit card details into whatever comes up.
 

rmt4ever

Member
Joined
13 May 2013
Messages
691
Location
RMT
This from BBC News:



My main purpose in posting this is to ask whether there was a card payment option at this car park (in which case a QR code is not needed)?

Surely all car parks should have a card payment option (whether on the railway or not)?
What about cash?
 

zero

Member
Joined
3 Apr 2011
Messages
1,001
I refuse to go to any business which requires entering your number plate into a machine which is enforced by ANPR.

Except for hotels, because there is a record of my stay, though still not preferred and I would have second thoughts about staying there again if I was driving.

In general I prefer to park in places with no restrictions in the first place, I will happily walk a reasonable distance to avoid paying for parking or parking in a place with time restrictions.

Displaying a static QR code on a sign anywhere that isn't continually attended is asking for trouble.
 

ChrisC

Established Member
Joined
7 Oct 2018
Messages
1,653
Location
Nottinghamshire
On a related note, a couple of weeks ago I was driving to football with my friend, we stopped at a Harvester for breakfast, it’s one of those where you enter your reg details into a machine at the reception counter, which he did… Earlier this week he got a £100 penalty charge notice in the post.
When reading through Tripadvisor reviews before booking hotels, car parking penalty charges do seem to be a regular complaint about many hotel stays.
 

skyhigh

Established Member
Joined
14 Sep 2014
Messages
5,572
I am a bit wary of using my card at TVMs/car park machines especially if they are unsupervised. Who knows if the contactless reader is rigged?
It's almost impossible to rig contactless to scam someone. It's completely different to the normal method where the magnetic strip is read.
 

Brush 4

Member
Joined
25 Nov 2018
Messages
515
Exactly what Zero said at 07.31. I will walk to avoid Big Brother operations, which also provides exercise, something else lacking in today's world. None of anyone's business what car I have.

The other problem is that hotels/TOCs farm out the car park business to an entirely separate company who have no interest in the nature of the business the car park is provided for.
 

LAX54

Established Member
Joined
15 Jan 2008
Messages
3,776
I hadn’t realised that. Are there any other TOCs that don’t have machines in their car parks? I’d hate to arrive at a station car park to find that I couldn’t pay with cash or card. I’ve never been able to work out how to pay a bill using a QR code in a restaurant! I avoid car parks where a parking app is required even if it means having to walk quite a distance. There should be a choice of payment methods.
Joys of a digital society and where everyone seems to want to get rid of cash too, guess the more we go online/digital etc, the more frequent this will happen
 

pokemonsuper9

Established Member
Joined
20 Dec 2022
Messages
1,868
Location
Greater Manchester
It's almost impossible to rig contactless to scam someone. It's completely different to the normal method where the magnetic strip is read.
For now, I bet someone will find a way eventually.
It might be difficult or clunky but you only need 1 person to fall for it and it's profitable.

I personally barely work with cash now, the last time I probably used cash was months ago in a 2p machine in an arcade.
 

fandroid

Established Member
Joined
9 Nov 2014
Messages
1,761
Location
Hampshire
While I have experience of using the SWR TVMs for paying for parking at Basingstoke station I did hear fairly recently that Woking's station carpark is now online ticketing only. I'm happy to use RingGo, but appreciate that many others are not. One of the actual benefits is that you can extend the parking time remotely, if delayed in returning to your car.
Another benefit is getting reminders of upcoming expiry time.
 

Stephen42

Member
Joined
6 Aug 2020
Messages
267
Location
London
For now, I bet someone will find a way eventually.
It might be difficult or clunky but you only need 1 person to fall for it and it's profitable.

I personally barely work with cash now, the last time I probably used cash was months ago in a 2p machine in an arcade.
The human element is far more exploitable than the technology these days. The card generates an authorisation code that is unique per transaction and even full access to the card for short periods is insufficient to clone the chip. Contactless has made it so people are much more wary about physically parting with the card too.

Full access to a parking machine you could redirect payments, but in practice the time to design, install and likelihood of discovery before any significant revenue means it's not a worthwhile scam. QR codes on the other hand it's easily replaced and unless someone is tasked with scanning to check they haven't been tampered with could be in place for months before anyone notices.
 

cmovcc

Member
Joined
19 Oct 2012
Messages
87
the legitimate apcoa connect app is so awful it feels like a scam

as someone with a background in computer security its officialness always felt slightly off to me

what the hell is apcoa? why has it not at least been white labelled with the train company's branding and behind e.g. thameslinkrailway.com

the surprise is it took the scammers this long to notice
 

Vespa

Established Member
Joined
20 Dec 2019
Messages
1,596
Location
Merseyside
If you're given a QR link, there must be a way to verify the URL such as the Https and the SSL to check the authenticity of a website you're taken to.

I have avoided pay by app parking out of principle.
 

Kite159

Veteran Member
Joined
27 Jan 2014
Messages
19,432
Location
West of Andover
Exactly what Zero said at 07.31. I will walk to avoid Big Brother operations, which also provides exercise, something else lacking in today's world. None of anyone's business what car I have.

The other problem is that hotels/TOCs farm out the car park business to an entirely separate company who have no interest in the nature of the business the car park is provided for.
And where the parasite company is only interested in making money from parking invoices rather than car park management.

ANPR won't stop someone parking lengthways across multiple bays, won't stop someone misusing disabled parking spots.

All it does is cause issues when trains get delayed as someone getting picked up can easily trip over the 'X minutes free parking' rule (to such a point where they park elsewhere only coming to pick up once the train arrives).
 

theageofthetra

On Moderation
Joined
27 May 2012
Messages
3,519
And where the parasite company is only interested in making money from parking invoices rather than car park management.

ANPR won't stop someone parking lengthways across multiple bays, won't stop someone misusing disabled parking spots.

All it does is cause issues when trains get delayed as someone getting picked up can easily trip over the 'X minutes free parking' rule (to such a point where they park elsewhere only coming to pick up once the train arrives).
And of course won't detect cloned or fake plates
 

mrmartin

Member
Joined
17 Dec 2012
Messages
1,020
If you're given a QR link, there must be a way to verify the URL such as the Https and the SSL to check the authenticity of a website you're taken to.

I have avoided pay by app parking out of principle.
Are you really going to notice someone setting up gtr-parking.com vs parking.gtr.com (say if that was the real domain?) when you're in a rush? The SSL means nothing, you can get it for any domain.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
98,570
Location
"Marston Vale mafia"
ANPR won't stop someone parking lengthways across multiple bays, won't stop someone misusing disabled parking spots.

Depending on the layout it can do this, though it requires the disabled users to register their blue badge with the TOC, which Chiltern appears to do anyway, and requires a separate entrance/exit to the area so they can have ANPR on the way in and out.

All it does is cause issues when trains get delayed as someone getting picked up can easily trip over the 'X minutes free parking' rule (to such a point where they park elsewhere only coming to pick up once the train arrives).

This I do find to be silly, 20 minutes isn't really enough. At most stations an hour would be fine, people don't make train journeys that quick.
 

Vespa

Established Member
Joined
20 Dec 2019
Messages
1,596
Location
Merseyside
Are you really going to notice someone setting up gtr-parking.com vs parking.gtr.com (say if that was the real domain?) when you're in a rush? The SSL means nothing, you can get it for any domain.
Oh yes I always triple check URLs, when you're in a rush that's when scams work, if I get a link I'm not familiar with. I always pause and check it out first, go on Trustpilot and whocalledmeUK to verify, I never take voice calls, my family and friends know I prefer texts and WhatsApp and to date I have managed fine without voice calls.
 

Energy

Established Member
Joined
29 Dec 2018
Messages
4,599
Best solution is to copy Chiltern's solution of ANPR and pay at the TVM, easy way to ensure that cash is still accepted.

Mobile parking is good but I'd like to see it within the operator app and major ticket resellers (Trainline particularly) to give it some level of authenticity.

For those ANPR-weary, the camera which scans the number plate is usually low down at the entrance, they don't continually track you around the car park (yet...). The current level of tracking is no different to the take-a-ticket car parks.
Are you really going to notice someone setting up gtr-parking.com vs parking.gtr.com (say if that was the real domain?) when you're in a rush? The SSL means nothing, you can get it for any domain.
Exactly. Both gtr-parking.com and gtr-parking.co.uk are currently available to purchase and wouldn't be a red flag unless you knew the actual URL.

We can't expect people to investigate every single URL when they pay for parking.
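
The operator-side check the posts above point towards (someone tasked with scanning the signs, comparing each code against the one known-good host), as an added example that is not part of the original thread. `parking.gtr.com` is the thread's own hypothetical "real" domain; the function names, sign ids and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the operator keeps an exact list of hosts its signs may point to.
# parking.gtr.com is the thread's hypothetical "real" domain, not a confirmed one.
ALLOWED_HOSTS = frozenset({"parking.gtr.com"})


def check_qr_target(url, allowed_hosts=ALLOWED_HOSTS):
    """Return (ok, reason) for a URL decoded from a QR code on a sign."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if "@" in parts.netloc:
        # https://real-host@other-host/ displays the real name but goes elsewhere.
        return False, "userinfo in URL"
    if port not in (None, 443):
        return False, "unexpected port"
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact match only: substring checks such as "contains gtr" or
    # "starts with parking.gtr.com" would accept the lookalikes sampled below.
    if host not in allowed_hosts:
        return False, "host not on allowlist"
    return True, "ok"


def audit_signs(scans, allowed_hosts=ALLOWED_HOSTS):
    """Map sign id -> reason for every sign whose QR target fails the check."""
    failures = {}
    for sign_id, url in scans.items():
        ok, reason = check_qr_target(url, allowed_hosts)
        if not ok:
            failures[sign_id] = reason
    return failures


# Constructed sample: decoded QR payloads keyed by a made-up sign id.
SAMPLE_SCANS = {
    "bay-A": "https://parking.gtr.com/pay?site=123",
    "bay-B": "https://gtr-parking.com/pay?site=123",
    "bay-C": "https://parking.gtr.com.pay.example/",
    "bay-D": "https://parking.gtr.com@gtr-parking.com/pay",
    "bay-E": "http://parking.gtr.com/pay",
    "bay-F": "https://short.example/aB3x",
}

if __name__ == "__main__":
    for sign, why in audit_signs(SAMPLE_SCANS).items():
        print(f"{sign}: {why} -> {SAMPLE_SCANS[sign]}")
```

A sign that legitimately points at a third-party shortener fails this audit as well, since the decoded payload alone cannot show where the redirect ends up.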
 

sor

Member
Joined
15 Nov 2013
Messages
459
I'm told the problem with pay by card is the older generation of machines uses the 2G (I think) phone network which will soon be switched off
2G isn't being switched off until the 2030s, it's 3G that is on its way out shortly, but I gather it has caused issues with some machines (and griping when the "solution" is to remove the machines and insist on pay by phone)

Thus proving that cash is the way to go.
Or machines that take card payments and don't have complicated mechanisms that can fail, or coin boxes that fill up and need collecting and processing at significant cost.

There is a lot to dislike about the pay by phone schemes. I've not parked at a rail station car park in a while. Do they still charge a fee on top of the advertised parking price?

It's completely different to the normal method where the magnetic strip is read.
And some of the newer banks automatically disable the mag stripe, requiring manual activation when needed (though is it needed anywhere anymore?)
Are you really going to notice someone setting up gtr-parking.com vs parking.gtr.com (say if that was the real domain?) when you're in a rush? The SSL means nothing, you can get it for any domain.
This was supposed to be the use case for EV SSL wasn't it? (people may remember that their address bar would go green / show the name of their bank when accessing online banking). Now deprecated.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
98,570
Location
"Marston Vale mafia"
Oh yes I always triple check URLs, when you're in a rush that's when scams work, if I get a link I'm not familiar with. I always pause and check it out first, go on Trustpilot and whocalledmeUK to verify, I never take voice calls, my family and friends know I prefer texts and WhatsApp and to date I have managed fine without voice calls.

I think most people prefer text based communication these days, you seem to very rarely see someone using a phone to, er, phone. However, I don't think taking a voice call is a threat to anyone's security in and of itself - simply don't ever give any personal details to anyone who calls you, and if they claim to be your bank simply tell them you will call back using the number on your card.

(There was a scam relating to this where they would leave the call open and you'd end up still talking to the scammer, but it can ONLY happen with a landline - with a mobile, if either end ends the call it does end, whereas with a landline the placer of the call has to end it - yet another case where the "tech" offers a more secure solution than the traditional situation)

Unless the TVM doesn't take cash...

I know there's an obsession with paying by cash on here, but the number of people who run a car and don't have a payment card is going to be somewhere around zero - it doesn't have the same "very poor people*/children" issue the sale of rail tickets does. There will be people who PREFER cash, but almost none for whom cash is the only option.

Requiring phone payment alone is, despite the fact that I prefer paying that way for both tickets and parking, a different thing that I am not in favour of, as it's confusing to many. Simply paying by debit card is not confusing to anybody**, really, and those paranoid about contactless can use Chip & PIN if that is offered.

* Parking in railway stations where there is a charge tends to be costly, with prices typically in the £5-£15 per day range (with some odd cheaper ones to "nudge" people into using them over another local one that gets much busier - Aylesbury Vale Parkway is one at I think £3 and free on Sundays), so railway stations are not typically going to be places poor people park because doing so will likely cost them many times the cost of the fuel to get there. It sort of sits with the M6 Toll, where card is the only payment accepted.

** Or rather if your mental faculties are such that you can't manage to push a card in and key a 4 digit number, they are probably also such that you should not be driving at all. Though from observation I don't entirely doubt such drivers do exist.
 