Poor communications between an event management company and an ISP may have exposed credit card details of some customers.
Most at risk are delegates to an upcoming Canberra conference organised for the government-funded industry association Software Engineering Australia (SEA).
Some delegates to the conference have been registering by credit card via a Web site hosted by Canberra ISP Netspeed for events company Einsteinandedison.
It appears the Web payment process set up for the event was not secure, according to both Einsteinandedison CEO Elizabeth Bomben and Netspeed MD Brian Morris. But neither accepts responsibility for the situation.
Bomben said problems first surfaced in April after Netspeed was engaged to host a secure site.
"We would go in and sometimes it said the digital certificate had expired and at other times nothing appeared."
Discussions failed to resolve the issue and her events company got phone calls from users complaining the site did not appear to be secured, she said.
Netspeed told her several weeks ago the certificate for its server had expired and would not be renewed because Netspeed was switching to a new server, she said.
Netspeed's Morris agreed the conference registration page was not being called in a secure fashion. However, the difficulty was due to Web registration forms not being put in a secure mode, he said.
"It is up to the Web page designer to tell a page to go into a secure mode. They [the events company] has somebody else doing its HTML, we are only providing [the company] a secure server to link to."
Susan Dart, SEA national chief executive officer, said she was aware of the situation and was taking steps to rectify it.
"This is not acceptable. We had thought everything was secure and it has been a bit of a shock to find security did not exist any more."
Perhaps ironically, the Canberra conference is focused on what things Australia's IT industry does best and how it can push forward.
Einsteinandedison's Bomben said registrations for the SEA conference have been open for several weeks. She estimated only handful of people have used credit cards on the site.