107.1 The Bull linkKFIZ News AM 1450 on Facebook
Listen Live to KFIZ.1 FM
920-921-1071
KFIZ Closings and Cancellations in the Fond du Lac, WI area.  Sponsored by Airtech Heating and Cooling
Korneli Wisconsin
Parade of Homes 2018
KFIZ South Valley Weather Updates
KFIZ social network facebook and Twitter feeds

Newsletter Sign-Up






Captcha Image

Wisconsin Farm Report with Pam Jahnke   WRN - Wisconsin Radio Network
Advertise with KFIZ.1 FM
Edward Jones   Jerry Schneider Band Polka Show 9:00 AM - Noon Saturdays on KFIZ

City Of FDL Water Payment Portal Back Online

16-Jan-2018

The City of Fond du Lac’s system for paying water bills online is up and running again. It was taken down last month after a local credit union contacted the City after 25 of their customers reported fraud on their credit or debit cards over a four-month span. The common denominator seemed to be the payment portal for City water bills. City Manager Joe Moore says the system was taken down and rebuilt. They also notified residents about the possible breach and still aren’t certain if the system had been compromised. Moore says taking the system down was a precaution after they had been contacted by that financial institution. It also gave the City’s customers a chance to check with their banks and credit unions to see if there were any unusual charges on their accounts. The preliminary forensic analysis on the City’s server showed no evidence of compromise or credit card skimming malware. The City also got Payment Card Industry certification and compliance for the new payment portal. The City has about 15,000 water customers and about 14,000 payments on those accounts are made yearly using the water payment portal.  


City Manager Joseph Moore's press release:


We take the trust of our customers and citizens very seriously and that was the reason for the very aggressive approach that we took when a possible credit card security issue arose last month.

On December 12th 2017, the City Comptroller Office was contacted by a local credit union advising them that over the past few months they have had an increased amount of fraud reported on credit union credit/debit cards.  The representative from the credit union stated they had about 150 of their customers that used our payment portal about 25 of them had reported fraud on their cards in the last 4 months.  This in itself isn’t evidence or indicative of a breach.  The City has about 15,000 water customers and about 14,000 payments on those accounts are made yearly using the water payment portal.   Many of our account holders use local banking institutions leading to a high rate of local banks having local payments to our system. 

We immediately contacted our credit card processor who receives alerts on our behalf from the credit card brands (MasterCard, Visa, American Express, Discover, etc.) to determine if there were any reports of compromise involving our portal.  They had not. As of January 15, 2018, our processor has not received any reports of compromise involving the city.  This would be the normal process for credit card data loss reports from the credit card industry fraud departments.

As a precautionary measure, City IT Services took the portal offline until further investigation could be conducted.  Also as a precaution this portal was completely rebuilt with trusted code.  Our completely rebuilt and certified payment portal will be going back on-line for public use on Monday, January 15th. 

During the rebuild, the portal/server and logs were sent off for independent forensic analysis to determine if a breach actually occurred or if it was a coincidence that the credit card users of our system also had fraud from a breach in another business.  As of January 15, 2018, the preliminary forensic analysis on the server showed no evidence of compromise or credit card skimming malware, leading us to believe that we were not a point of compromise.  As mentioned earlier we errored on the side of caution and did do a complete rebuild of this portal and re-obtained PCI (Payment Card Industry) Certification/Compliance of this new portal.

The City IT Services Office conducts normal cyber-hygiene and patches 100’s of new vulnerabilities on a weekly basis on different systems very similar to when you get updates to your cell phones or home computers.  A patch performed back in October 2017 was a very common action that we take on servers and devices daily.  It does not appear that this patch is related to the fraud reported by the credit union.

As you see in the news, most businesses do a thorough investigation which can take months and then notify their customers of the loss of data.  We took a more aggressive approach so that our customers could make sure that they self-protected themselves, even if we were not the cause of their fraud, especially over the holiday seasons.

If you have any questions regarding water payments, please reach out to Eileen Baus at 920-322-3454.

Comments 2
Shari commented on 16-Jan-2018 05:31 PM3 out of 5 stars
As a customer who used that portal, I'm disappointed that a letter wasn't sent directly to those of us who were affected. I learned about it from someone else because I didn't happen to see it online. I canceled my debit card - but a long time after the fact. I won't ever use their payment system again.
Rebecca commented on 17-Jan-2018 12:25 PM3 out of 5 stars
My cards (plural) were both compromised but I cannot fault the City Water website. As they stated, they found no breach. I do use both cards with the City, Kwik Trip, Pick n Save, Festival and Walmart and Starbucks. It could be any one of these merchants that was compromised. It is ultimately the consumer's responsibility to monitor their banking transactions for fraud. I applaud the City for taking an aggressive approach but to send letters to the 14,000 customers that there was a potential and unconfirmed breach would be putting the cart before the horse.
If you use a debit card ANYWHERE you are at risk for fraud.

Please remember a few rules before posting comments:

  • If you don't want people to see your email address, simply type in the URL of your favorite website or leave the field empty.
  • Try to be civil to your fellow readers.
  • Stay on topic. We want to hear your opinions and thoughts, but please only comment about the specified topic in article.

Post a Comment
Required *

- +

 *
 *

Captcha Image
KFIZ Phone: 920-921-1071
All content © 2012 Mountain Dog Media, USA
Web Design and Development by Wyld_Desyns LLC - "Take Your Business to the Next Level!