gang when buying permits this year, try to spread the wealth

[Yukon]

The business model would show that if you offered online permit sales, a convenience with no extra fees or a discount, the sales will go up. This would more than cover the costs of the online system. The OFSC is a business, although non-profit, it is still a business and could use business methodologies to flourish.

You kill me Dom ... hey Marg Look them thar snowmobile trails now offer on line sales, lets buy $25.000 worth of snowmachines, suits and helmets go ride them thar snowmachines on them thar trails.

On line sales are nothing more then a converniance to existing permit buyers and to remote clubs who's permit base is of distance. They will not be something that brings new people into the sport, increasing permit sales.

There are lots of sleds on our trails without permits. The question is will there be more or less on the trail without a permit this year?

I will be out this season in the Port Severn with a great group of dedicated goodwill ambassadors doing trail patrol , providing trail side info , sharing good stories , handing out maps , having a few laughs and checking for Permits , I caught one guy last season without a permit near end of season .

It is my my pleasure to keep our trail riders Compliant and I know I can speak for the rest of our clubs TP crew !

Try Riding our system without a Permit , I`ll have the Trespass notices waiting !

[Nutter]

It wasn't subsidized by you at all.

Where did the money come from to pay for it before ?

Not from you so don't suggest it did.

So where did it come from ? I can tell you it came from, MSR's operating expensis, and those operating expesis came from permit revenue. A portion of my permit dollars and from everyone else who bought traditionally went to funding MSR's operational cost, Where one of their operational costs was to provide a permit at no extra cost to an online buyer. It cost me time and money to drive my truck to get my permit, why shouldn't the guy who buys online also absorb some of these costs ?

Horse Hockey. How much did it cost you ?

How much did it cost you ?

The same equal portion it cost every other permit buyer who bought traditionaly.

Take the number of permits that the MSR sold on line and multiply it by the cost of them doing the transaction and mail out (don't worry about the lost claims, we don't even need to delv in that far), then take that number and divide it by the amount of permits sold tradtionally across the province, and you'll have the answer.

The business model would show that if you offered online permit sales, a convenience with no extra fees or a discount, the sales will go up. This would more than cover the costs of the online system. The OFSC is a business, although non-profit, it is still a business and could use business methodologies to flourish.

You kill me Dom ... hey Marg Look them thar snowmobile trails now offer on line sales, lets buy $25.000 worth of snowmachines, suits and helmets go ride them thar snowmachines on them thar trails.

On line sales are nothing more then a converniance to existing permit buyers and to remote clubs who's permit base is of distance. They will not be something that brings new people into the sport, increasing permit sales.

There are lots of sleds on our trails without permits. The question is will there be more or less on the trail without a permit this year?

Aree you serious .... do you really think that the $10 on line fee will deture someone into breaking the law they could just buy by mail or in person you know thewre is options .....

[Domino]

The online system offered by the MSR was secure and safe. Fact.

There is not a single computer system in existence that is 100% secure and safe. Fact. :P

Correct. Even whatchacall yer on-line banking stuph.

However, I wish to dispel the inference that the MSR system was unsafe.

The MSR system was as safe as technology would allow it to be.

And, it was free to use.

While I am sure you believe that the online system by MSR was secure and safe I can assure you that I could poke more holes in it than swiss cheese. This is part of what I do for a living. Whenever you record any personal information electronically you must comply with PIPEDA (Personal Information Protection Electronic Data Act) If you accept credit card information you must comply with PCI standards (Payment Card Industry). Both of these have extremely stict and stringent requirements. I doubt MSR ever had a PCI or PIPEDA audit. It goes down to the granular level of who has access to the data they collect and how they control that access as well as where it is stored and how it is stored. What level of encryption did they have on the communications through the website.

As far as being as safe as technology would allow it to be... you could easily spend an entire years budget for grooming trying to make it safe. How many firewalls were in front of the server? I could go on for a very long time but won't.

I am certain that the OFSC site will not be any safer in term of risk. It will be a larger collection of information and therefore be a more viable target than a club level site. The amount you spend on securing a site is related to its risk of attack.

I think the OFSC centralized site is a great idea. I have been in support of it since I heard about it last year. The $10 tax is a kick in the nutter! :P

Sorry Nutter, I could resist putting some fun back into this topic!

[02Sled]

So instead they spend thousands of dollars (or more) implementing a system that the people who are most likely to use the service appear to have no interest in using.

.

Thousands! to get a decent secure server and communications network thousands won't cover it. How about 10's of thousands.

[Nutter]

The online system offered by the MSR was secure and safe. Fact.

There is not a single computer system in existence that is 100% secure and safe. Fact. :P

Correct. Even whatchacall yer on-line banking stuph.

However, I wish to dispel the inference that the MSR system was unsafe.

The MSR system was as safe as technology would allow it to be.

And, it was free to use.

While I am sure you believe that the online system by MSR was secure and safe I can assure you that I could poke more holes in it than swiss cheese. This is part of what I do for a living. Whenever you record any personal information electronically you must comply with PIPEDA (Personal Information Protection Electronic Data Act) If you accept credit card information you must comply with PCI standards (Payment Card Industry). Both of these have extremely stict and stringent requirements. I doubt MSR ever had a PCI or PIPEDA audit. It goes down to the granular level of who has access to the data they collect and how they control that access as well as where it is stored and how it is stored. What level of encryption did they have on the communications through the website.

As far as being as safe as technology would allow it to be... you could easily spend an entire years budget for grooming trying to make it safe. How many firewalls were in front of the server? I could go on for a very long time but won't.

I am certain that the OFSC site will not be any safer in term of risk. It will be a larger collection of information and therefore be a more viable target than a club level site. The amount you spend on securing a site is related to its risk of attack.

I think the OFSC centralized site is a great idea. I have been in support of it since I heard about it last year. The $10 tax is a kick in the nutter! :P

Sorry Nutter, I could resist putting some fun back into this topic!

The OFSC is at zero risk, we are using a third party furnishing house ....

Funny part about all this is, if this wasn't done, sooner then later a club would of been sued and the usual BS about how the OFSC didn't protect their volunteeers would been back in play again, with those who don't understand they are the OFSC and they collectivly with all the other provinces permit buyers control it's destiny. And if we didn't charge those who wish to take advantage, the clubs who have never and probvably never will sell a permit on line would of balked at loosing a portion of their operating expensis to fund this program.

Remember it was permit buyer demand and majority vote of the provinces volunteers that opened up pandoras box, and no one had any idea that the MTO as permit owner would do what they did, even though it is the right thing to do, to protect buyers. As always think before you act and be careful what you wish for .....

[Nutter]

So instead they spend thousands of dollars (or more) implementing a system that the people who are most likely to use the service appear to have no interest in using.

.

Thousands! to get a decent secure server and communications network thousands won't cover it. How about 10's of thousands.

And just think not one complement to the OFSC staff who are putting this togther with outside funding, rather then taking money out of permit revenue ..... what a shame.

[teener]

Just curious - is OFSC actually planning to charge a $10 service fee? I saw the reference to a fee in Freezerburnt's comments, but it was in relation to the Manitoba's system. Did I miss something or is this discussion about something that hasn't actually been implemented yet for the upcoming season?

[Mossy]

Instead of buying on line what about just making a phone call? I know for a fact that the algoma trail assc. is great to deal with!!!

[Canuck]

Just curious - is OFSC actually planning to charge a $10 service fee? I saw the reference to a fee in Freezerburnt's comments, but it was in relation to the Manitoba's system. Did I miss something or is this discussion about something that hasn't actually been implemented yet for the upcoming season?

That's how I read it, as well.

I suspect that discussion is about 'maybe' charging $10. ????

[Domino]

Just curious - is OFSC actually planning to charge a $10 service fee? I saw the reference to a fee in Freezerburnt's comments, but it was in relation to the Manitoba's system. Did I miss something or is this discussion about something that hasn't actually been implemented yet for the upcoming season?

That's how I read it, as well.

I suspect that discussion is about 'maybe' charging $10. ????

I believe this was the comment that made me question it and the the debate ensued!

I don't see the OFSC's $10 on line fee as a scheme Jay ..... better the buyer pays for the convenience of buying on line, then for the money to come from the clubs per permit sold in their name, and the money come off the snow.

Are you stating that the OFSC is going to charge an additional $10 to buy your permit online?

Please tell me they did not take what was being offered by clubs for free and make it a fee with the excuse of the privacy act?????

[skidooer]

Instead of buying on line what about just making a phone call?

You bring up a good question, Mossy.

• 
  [*:2feskcmf]The telephone is considerably less secure than even a half-assed secured website.
  [*:2feskcmf]Information is collected by the club (see: privacy act).
  [*:2feskcmf]Credit transaction fees will be roughly the same through either method.
  [*:2feskcmf]Postage costs are the same with both methods.

Why is the telephone method not subject to the same scrutiny and costs as the online version?

[Nutter]

Just curious - is OFSC actually planning to charge a $10 service fee? I saw the reference to a fee in Freezerburnt's comments, but it was in relation to the Manitoba's system. Did I miss something or is this discussion about something that hasn't actually been implemented yet for the upcoming season?

That's how I read it, as well.

I suspect that discussion is about 'maybe' charging $10. ????

No maybe, done deal, if you don't want to leave the house and buy from club or club vendor, use mail or the phone .. it'll cost you 10 duckets oncee the on line system is up and running.

Instead of buying on line what about just making a phone call?

You bring up a good question, Mossy.

• 
  [*:8f4ceiz6]The telephone is considerably less secure than even a half-assed secured website.
  [*:8f4ceiz6]Credit transaction fees will be roughly the same through either method.
  [*:8f4ceiz6]Postage costs are the same with both methods.

Why is the telephone method not subject to the same scrutiny and costs as the online version?

I gather because doing credit card transaction over the phone is not governed the same way as over the net.

While I am sure you believe that the online system by MSR was secure and safe I can assure you that I could poke more holes in it than swiss cheese. This is part of what I do for a living. Whenever you record any personal information electronically you must comply with PIPEDA (Personal Information Protection Electronic Data Act) If you accept credit card information you must comply with PCI standards (Payment Card Industry). Both of these have extremely stict and stringent requirements. I doubt MSR ever had a PCI or PIPEDA audit. It goes down to the granular level of who has access to the data they collect and how they control that access as well as where it is stored and how it is stored. What level of encryption did they have on the communications through the website.

As far as being as safe as technology would allow it to be... you could easily spend an entire years budget for grooming trying to make it safe. How many firewalls were in front of the server? I could go on for a very long time but won't.

[skidooer]

I gather because doing credit card transaction over the phone is not governed the same way as over the net.

Which is interesting because technically speaking, given the nature of modern phone systems, most voice transmissions are digital recordings. And collection of credit card data is collection of credit card data, no matter what the medium.

It is just funny that the laws put so much emphasis on one thing, but totally ignore another method that is much more vulnerable. The idea that people will trust a random person on the other end of a unsecured phone connection, but cower at the thought of having to put personal information into a website that has been secured to the nines is hilarious.

I wonder what would happen if a club setup a website that phoned in the information upon submission rather than storing it on a computer system?

[Nutter]

I gather because doing credit card transaction over the phone is not governed the same way as over the net.

Which is interesting because technically speaking, given the nature of modern phone systems, most voice transmissions are digital recordings. And collection of credit card data is collection of credit card data, no matter what the medium.

It is just funny that the laws put so much emphasis on one thing, but totally ignore another method that is much more vulnerable. The idea that people will trust a random person on the other end of a unsecured phone connection, but cower at the thought of having to put personal information into a website that has been secured to the nines is hilarious.

I wonder what would happen if a club setup a website that phoned in the information upon submission rather than storing it on a computer system?

I know squat about computers, but I'd imagine stealing info in massively large amounts is much easier and more common by computer/internet then it is by person to person telephone ? And I think it would be safe to say it wouldn't take much talk of that to open Pandora's box with it too. With the MTO owning the permit under bill 101 and it being a body of the province, the province definatly wants to cover it's self in all ways (can't blame them with todays sue happy society).

[skidooer]

I'd imagine stealing info in massively large amounts is much easier and more common by computer/internet then it is by person to person telephone ?

All one needs to do is become the volunteer who takes the phone orders. Even the most vulnerable website is not nearly that easy to break into.

On a club by club basis, we're probably only talking a handful of online sales anyway. That's not really massive amounts of information, relatively speaking. I'll be the first one to tell you that all of the clubs need to work together when it comes to the internet, but there is something to be said about spreading out the risk by having each club handle their own sales.

[Yukon]

While I am sure you believe that the online system by MSR was secure and safe I can assure you that I could poke more holes in it than swiss cheese. This is part of what I do for a living. Whenever you record any personal information electronically you must comply with PIPEDA (Personal Information Protection Electronic Data Act) If you accept credit card information you must comply with PCI standards (Payment Card Industry). Both of these have extremely stict and stringent requirements. I doubt MSR ever had a PCI or PIPEDA audit. It goes down to the granular level of who has access to the data they collect and how they control that access as well as where it is stored and how it is stored. What level of encryption did they have on the communications through the website.

As far as being as safe as technology would allow it to be... you could easily spend an entire years budget for grooming trying to make it safe. How many firewalls were in front of the server? I could go on for a very long time but won't.

The MSR site was secure, but with regards to the issue we faced, it was how the online application looked. The application did not look like the same paper application that the MTO approved. The wording was all there, just did not look exactly the same as the MTO form.

Your now an active member of our club you chose to get involved , lets discuss this on weekend and I will fill you in on the drama . I've been in contact with the office in regards to the security after all I needed to know to keep the BSR website compliant . The new forms are set up for download , we just don't have the Online permit sales set up yet .

[AkronOrange]

I'd like to comment on the "spread the wealth"

We have been coming to Ontario for about 10 years. We started in Muskoka riding the busy trails and bought our permits there as well. As we visited points north we began buying our permits there, North Bay then Shining Tree. It seemed these places enjoyed us coming and could use the sales. We have most recently been visiting those places north of Superior, Longlac, Hillsport and places around those areas. These people really need the trail funds, they have limited resources for grooming and many km of trails to groom. Many of the places that allow us to enjoy our sport rely on our contributions to keep them going. Halfway Haven, Aubrey Falls, Klotz Lake, and the people in Hillsport just to name a few. In some cases these places provide a vital link for us to be able to make it from point "A" to point "B".

We visit many places during the course of a season, we don't help with grooming or clearing or any type of volunteering, the least we can do is to spread the wealth with those that are most deserving and most in need.

[Nutter]

I'd like to comment on the "spread the wealth"

We have been coming to Ontario for about 10 years. We started in Muskoka riding the busy trails and bought our permits there as well. As we visited points north we began buying our permits there, North Bay then Shining Tree. It seemed these places enjoyed us coming and could use the sales. We have most recently been visiting those places north of Superior, Longlac, Hillsport and places around those areas. These people really need the trail funds, they have limited resources for grooming and many km of trails to groom. Many of the places that allow us to enjoy our sport rely on our contributions to keep them going. Halfway Haven, Aubrey Falls, Klotz Lake, and the people in Hillsport just to name a few. In some cases these places provide a vital link for us to be able to make it from point "A" to point "B".

We visit many places during the course of a season, we don't help with grooming or clearing or any type of volunteering, the least we can do is to spread the wealth with those that are most deserving and most in need.

If that's where you ride the most it's the right thing to do

[Wildbill]

So instead they spend thousands of dollars (or more) implementing a system that the people who are most likely to use the service appear to have no interest in using.

.

Thousands! to get a decent secure server and communications network thousands won't cover it. How about 10's of thousands.

And just think not one complement to the OFSC staff who are putting this togther with outside funding, rather then taking money out of permit revenue ..... what a shame.

they are paid to do that job . Many of us work hard for free or worse to help the system. Do not misunderstand me I do appreciate what they do but it is thier JOB so do it and do it well or be replaced .

[Nutter]

So instead they spend thousands of dollars (or more) implementing a system that the people who are most likely to use the service appear to have no interest in using.

.

Thousands! to get a decent secure server and communications network thousands won't cover it. How about 10's of thousands.

And just think not one complement to the OFSC staff who are putting this togther with outside funding, rather then taking money out of permit revenue ..... what a shame.

they are paid to do that job . Many of us work hard for free or worse to help the system. Do not misunderstand me I do appreciate what they do but it is thier JOB so do it and do it well or be replaced .

I agree Bill, but if you recall we the floor never stipulated that they find outside funding to run this program, they did that on their own accord. Their job is to do as we ask, when they go above and beyond I feel we can comend them for that. And this is something they definatly don't hear very often, they are the wipping posts for the decisions we the OFSC make, as many feel the OFSC's paid employees run the org, which is very far from the truth. Would of been much less work for them to just start writing checks to run this program.

[Wildbill]

So instead they spend thousands of dollars (or more) implementing a system that the people who are most likely to use the service appear to have no interest in using.

.

Thousands! to get a decent secure server and communications network thousands won't cover it. How about 10's of thousands.

And just think not one complement to the OFSC staff who are putting this togther with outside funding, rather then taking money out of permit revenue ..... what a shame.

they are paid to do that job . Many of us work hard for free or worse to help the system. Do not misunderstand me I do appreciate what they do but it is thier JOB so do it and do it well or be replaced .

I agree Bill, but if you recall we the floor never stipulated that they find outside funding to run this program, they did that on their own accord. Their job is to do as we ask, when they go above and beyond I feel we can comend them for that. And this is something they definatly don't hear very often, they are the wipping posts for the decisions we the OFSC make, as many feel the OFSC's paid employees run the org, which is very far from the truth. Would of been much less work for them to just start writing checks to run this program.

This program is a ridiculous waste of resources brought about by a paranoid useles government . A template could have been created for all the districts to follow and it would not have used any staff resources and perhaps the outside sponsors could have put thier money on the trail.

[Nutter]

So instead they spend thousands of dollars (or more) implementing a system that the people who are most likely to use the service appear to have no interest in using.

.

Thousands! to get a decent secure server and communications network thousands won't cover it. How about 10's of thousands.

And just think not one complement to the OFSC staff who are putting this togther with outside funding, rather then taking money out of permit revenue ..... what a shame.

they are paid to do that job . Many of us work hard for free or worse to help the system. Do not misunderstand me I do appreciate what they do but it is thier JOB so do it and do it well or be replaced .

I agree Bill, but if you recall we the floor never stipulated that they find outside funding to run this program, they did that on their own accord. Their job is to do as we ask, when they go above and beyond I feel we can comend them for that. And this is something they definatly don't hear very often, they are the wipping posts for the decisions we the OFSC make, as many feel the OFSC's paid employees run the org, which is very far from the truth. Would of been much less work for them to just start writing checks to run this program.

This program is a ridiculous waste of resources brought about by a paranoid useles government . A template could have been created for all the districts to follow and it would not have used any staff resources and perhaps the outside sponsors could have put thier money on the trail.

While I hate any gov interferance in anything we do, I don't think this was so bad, as buyers and all of us within the OFSC are now sheilded through a third party. Centralized single entity online sales are going to be much cheaper and easier to maintain then 17 different ones, also more reliable across the board, and it takes a good chunk of work load off the volunteers. It also provides a fair playing field for all clubs, not just those with the resources that have a website. Also we all know not many sponsors will not just donate money for the trails, they want to have their attached name getting as much related exposure as possible.

[02Sled]

Why is the telephone method not subject to the same scrutiny and costs as the online version?

While someone may be able to pick up your telephone conversation if you are using a cordless or a cell phone it becomes real hit and miss for thieves to identify which phone calls to listen in on. As soon as you publicly promote an online process which relies on the transmission of credit card and other personal information it is an invitation to thieves that there would be a significant amount of this traffic available for interception or hacking. That is why PCI (Payment Card Industry) standards are so stringent. They are focussed on the integrity of the system that collects, stores and handles the customers sensitive data. That would also apply to the data collected over the course of a phone call. At some point in the phone call or immediately thereafter the customer information would be entered into a database. That database must be secure from intrusion both internally and externally.

[Domino]

Why is the telephone method not subject to the same scrutiny and costs as the online version?

While someone may be able to pick up your telephone conversation if you are using a cordless or a cell phone it becomes real hit and miss for thieves to identify which phone calls to listen in on. As soon as you publicly promote an online process which relies on the transmission of credit card and other personal information it is an invitation to thieves that there would be a significant amount of this traffic available for interception or hacking. That is why PCI (Payment Card Industry) standards are so stringent. They are focussed on the integrity of the system that collects, stores and handles the customers sensitive data. That would also apply to the data collected over the course of a phone call. At some point in the phone call or immediately thereafter the customer information would be entered into a database. That database must be secure from intrusion both internally and externally.

I think you are forgetting about VOIP (Voice over Internet Protocol). Basically a telephone call transported by the internet.

[skidooer]

While someone may be able to pick up your telephone conversation if you are using a cordless or a cell phone it becomes real hit and miss for thieves to identify which phone calls to listen in on.

Why not listen to all of them? If you have the computing resources to break into a reasonably secure website, you have the computing resources to apply some heuristics to the audio stream to identify which phone calls contain credit card transactions. As an added bonus, the attack can be carried out passively, making it much more appealing to those who prefer to not be caught.