This is one of the first major fraud where a card skimming device has not been attached to a cash machine, Infosecurity notes, and highlights the fact that a number of automated terminals are now looking for PIN codes as authentication on card transactions.
This reflects the fact that these payment terminals have previously been used by criminals as a way of checking whether a cloned or stolen card is still operational and can be used fraudulently.
According to reports on the New Zealand newswires, an IT security and fraud analyst was told by the ASB Bank that his new credit card was one of more than 100 000 Mastercard and Visa cards the banks were replacing because of the skimming fraud.
The council-owned car park in Auckland - which is used by around 10 000 people a week - appears to be at the centre of the card fraud, but, as normal under Visa / Mastercard security and fraud rules, the banks are not saying anything about the scale of the problem.
New Zealand Bankers' Association chief executive Sarah Mehrtens is quoted as telling the New Zealand Herald that, under the standard banking code of practice, "cardholders should feel assured that they will not be held liable for fraud of the nature that has occurred in this instance".
"Banks are taking appropriate action, including the re-issuing of cards, which effectively shuts down the opportunity for misuse of information", she said.