Possible hacking in the recharge of the public transport cards of Zaragoza: you paid 10 euros and you were recharged 50.

The local zaragozana press has dawned this Friday with headlines as forceful as the one that showed El Periodic de Aragon: “Massive fraud”.

We would be talking, according to the newspaper, of an “uncontrolled hacking” that is allowing, through a mobile application with NFC, the recharging of fraudulent transport tickets for the use of urban buses and the tram of Zaragoza undetectable by the inspectors who monitor the fraud.

Almost 400 cards would have been involved in the fraudulent reloading of balance to spend on public transport in Zaragoza.

Specifically, according to data collected by the City Council of Zaragoza, this fraud would involve 300 citizen cards, an identification for those registered in the Aragon capital that allows payment of different municipal services, and 69 Lazo cards, a card similar to the citizen and available for those not registered in the city.

The dimension of what happened is “incalculable”.

From the consistory zaragozano have explained that since late last week spread a rumor in the city, especially in the university area, about the offer to recharge the citizen card at 20% of the cost. If you wanted to top up 50 euros, for example, you only had to pay 10 euros.

The matter will be reported to the police after a meeting between Zaragoza City Council and Hiberus Technology, the company responsible for the operation of these contact fewer cards. It is not the first time that these rumors had spread throughout the city, explain since the Argonne edition of eldiario.es, and in the second half of last year were recorded at least 75, according to municipal sources cited by El Periodic de Aragon.

They would have recharged up to 200 euros in the same card

These media assures that both the municipality and the company responsible for the cards “have tried to minimize the scam” by revealing those possible 300 cards involved in the detected “incidences”, but that nearby sources maintain that the dimension of what happened is “incalculable”. In addition, according to El Periodic de Aragon, citing more sources, the two people responsible for the scam have been located, with a large group of young people being the “collaborators” and in charge of “spreading the word” and searching for “possible clients”.

The usual thing, explains the local media, was to charge 10 euros in exchange for recharging 50 euros of balance that could be spent on urban buses and the tram of Zaragoza. However, they claim that up to 200 euros had been injected into the same card in several operations. The application supposedly capable of carrying out the hacking could also be acquired for 300 euros.

If the recharge was valid, it should be recorded in one of the machines that performs them legally.

The only way to carry out the control on the loaded amounts is through the validations in the modes of public transport. When one of these fraudulently reloaded cards was used on a bus or tram, the increase in the balance over a previous validation is recorded. If the recharge was valid, it should be recorded in one of the machines that performs them legally. In addition, if the balance difference between validations is very significant, the system automatically creates an alert signal for the recharge to be checked.

Zaragoza City Council has explained that all cards with detected incidents do not necessarily have to be related to the possible fraud in the investigation. However, those that have been fraudulently charged, once the fact has been confirmed, will be cancelled.