WELCOME to another 2600 Report. Several "issues" (or whatever you wish to call them)
back, I did a little research on Smart Cards, their suppliers, and the companies who have
their hands in the market. At the time, I figured it would be years before I was able to
get to play with a real Smart Card here in the U.S. Imagine my surprise, when I see an
advertisement for them in a throwaway newspaper insert! Now that they are here to play
with, more data may be forthcoming.
IF you have not checked out the
latest issue of 2600, or their web site,
you might want to do so. They are having some financial problems because their
distributor embezzled funds... Now would be a great time to buy yourself a T-Shirt or
hat or subscription.
 |
For mere vengance, I would do nothing...but for the security of the
future I would do everything."
- James Abram Garfield
April 15, 1865
|  |
What’s up with these cash cards?
In hopes that the procedure and "user interface" are important, I will detail it here.
Well, the story goes something like this... I was browsing the Sunday paper looking for
potential Christmas gifts when I came to the Thrifty Drugs ad. They were hyping their gift
certificate "cash cards" and included a miniature picture of one. My eyes were immediately
drawn to the picture and the metal-looking contacts on this cash card. "Are these the
smart cards I have been hearing so much of, but have never seen?," I asked myself.
I ventured down to Thrifty and bought myself (and several 2600 friends) a $10 card.
The cashier had NO IDEA what the hell I was talking about and had to call over a manager,
who had to call over another manager. Eventually, they found some "blank cards" in the
back room and brought them up to the checkout stand. They punched a few things into their
register (apparently, some of it was trial-and-error, as no one had ever done this before).
My eyes wandered to the new VeriFone credit card/ATM card reader that was stationed at the
checkout stand. It was in two pieces--one box that sat atop another. The upper box was
the standard machine everyone has seen in nearly every supermarket: display screen on top,
a keypad below the screen, and a card slot running along the right side of the box. The
box this device was placed upon was almost completely covered except for a smaler angled
card slot that pointed directly at me.
My money was taken (via Credit Card through the standard VeriFone box). The smart cards
were then inserted, one at a time, into the smaller slot (in the direction of the arrow
printed on the card). Each time, the message "Card Uninitialized" appeared on the display
screen until a key was hit on the register, after which the card was instantly "programmed"
to $10 ("$10 .00" appeared on the display screen).
Each time a card is inserted into the small slot, the dollar value is instantly displayed
on screen, which leads me to believe that the "cash" is really stored on the card--as
opposed to a hybrid version that may, for instance, store an account number on the card,
which is then referenced on some "central computer" elsewhere in the country. It just
seems to be a little to difficult and expensive to run and maintain a T1 or ISDN connection
at each store simply for the convienence of instant account balance lookup. At the time, I
forgot to ask if cash can only be deducted from the card (possible evidence of some kind of
destructive or write-once-read-many hardware), or if it is possible to add more money to
the balance (possible evidence of EEPROM-like hardware).
References
VeriFone can be found at http://www.verifone.com.
They were recently bought by HP. Their site seems to be rather shallow, but a select few
links lead to more juicy information--one hint: go directly to the Site Map. Try
http://www.verifone.com/solutions/smartcards/html/smart_card_faq.html
for their Smart Card FAQ. Learn about their products and read their White Papers at
http://www.verifone.com/products/html/product_library.html.
They have a decent Transaction Security White Paper (in Adobe Acrobat format) at:
http://www.verifone.com/pdf/WP_Transaction_Security.pdf.
Rumor has it that the Sega GameWorks cash cards may have been cracked! If you are not
familiar with these cards, they have three magnetic stripes across the back. They "hold"
your heavy quarters for you during that vast trek between the change machine and the video
games. More info may (or may not) be available at this meeting.
(Isn't there one of these in Vegas? Wouldn't this make an interesting
field trip at next year's DefCon if this format was released?
STILL IN BETA...
Interzone Voice is a new Voice BBS in Orange
County. Presently, it is still being designed, written, and tested. To preview the
system using an anonymous Guest account, manually dial 714/373-0964. Present features
include various message areas and a "hack-yer-own-mailbox" system. (You want a mailbox?
You will have to work for it!) Revisions are happening weekely--the final public version
is scheduled to go online February 1, 1998.
|
