By Sofia Banzhoff
Remember victim 555? The student whose lunch money Roeland van Beek once used by falsifying their Dining Hall debit card, and eating a “free lunch”? If you need to refresh your memory, check out Columni in the Boomerang of last October. Maybe you now watch your balance more closely than your Facebook newsfeed, or did you only check your own card, relieved to see it was not number 555. Whatever your reaction, you might be among those who wonder: How did this happen in the first place?
When Sodexo became the UU-wide caterer, it was asked to work with a card system for the students living on campus. During the card distribution phase, second-year Rens Bakker realized that the cards could easily be duplicated. To prove his point, he faked his own card and used it successfully. He alerted College Hall of the possibility of hacking the system, and UCU’s Managing Director Bettina Nelemans communicated this to Sodexo the same day.
To prevent abuse of the cards, the caterer then started to check the cards daily for unusual activity, e.g. the same account being used twice for one meal. However, Sodexo did not – and does not – have any plans to change the system, Nelemans said. “Whatever you do, there will always be people smart enough to break into the system,” was the response she got from Sodexo.
Another way to make sure nobody is stealing our lunch money is by checking the receipt we get after every DH purchase, which shows the old and the new balance.
“The students should keep track of their balance anyway, since the 750€ have to last until the end of the semester,” Nelemans says. But it is not easy to notice a 5€ “irregularity”. Also, since students have never been officially notified of the necessity of closely checking their balance, not all of them take their receipts. How can this ‘checks and balances’ system truly work when we are not even aware that we are a part of it?
Safety comes at a price
A system as simple and thus as easily to bypass as the current one was chosen to keep the costs down. “At the end of the day, if you introduce a more complicated system, the students will pay,” Nelemans says.
Nelemans has suggested Sodexo print their logo on the cards, perhaps behind the barcode. But there are no plans for further security measures, such as the UCSA Board’s suggestion to link the accounts to our XS-cards. “We still strongly believe that a more secure system should be implemented,” says UCSA Secretary Valeria Boers.
So we have to ask ourselves whether this is enough or whether we want to pay more for a safer system, and our peace of mind.
Security above transparency?
But why didn’t we hear about this before?
“In line with the principle of responsibility, we did not think it was a good idea to inform the students,” says Boers. The UCSA Board thought that this would have only provided incentive to falsify the cards, “with no added benefit for students.”
Both Nelemans and Boers believe that they made the right call in not informing the students. This whole issue seems to be another trade-off between transparency and security.
According to Boers, there is no official policy on when the student body needs to be informed about certain issues. “We haven’t been faced with many situations like this.”
Generally, College Hall favors informing students. “We try to be as transparent as we can,” Nelemans says. “We do think that we have a feel for what’s going on on campus.”
“There are knives in the Dining Hall and luckily enough, people don’t just grab a knife and stab other students,” says Nelemans. “In a way the card is protected by the trust and goodwill of the students, which defines our community.” Seems like all we are left with is the hope that each and every one of us lives up to these high expectations.