[oclug] A credit/debit card reader for the home ??

William Case billlinux at rogers.com
Fri Sep 25 15:42:44 EDT 2009 

Thanks Bill;

On Fri, 2009-09-25 at 14:58 -0400, Bill Strosberg wrote:
> William Case wrote:
> > Hi;

> Credit and debit payment processing is very complex.  The readers are 
> simple (I've designed, built and sold many different variations in the 
> past).
> 
> You can get keyboard "wedge" readers that will read track 2 and track 3 
> magnetic stripe reader (MSR) data from your cards very cheaply.  You 
> swipe the card, and the reader converts it to keystrokes on the keyboard 
> interface as if it has been typed.  Cheaper readers do not implement the 
> CRC (cyclical redundancy check) or checksums incorporated in the card.  
> Cheap readers generally do not work bi-directionally as well.
> 
> MSR devices are on the way out - smart card "chip" technology is slowly 
> gaining momentum here - it already is pervasive in Europe.  MSR data is 
> easily duplicated with an inexpensive card writer and there is no 
> technical difference between the original and a cloned card.  The rate 
> at which technology is incorporated into the banking industry here is 
> controlled by the volume of fraudulent activity the banks/card issuers 
> are willing to accept.  If fraud is low, why bother instituting new 
> technology at great expense? 
> 
> In Canada our pinpad technology is controlled by the banks - approved 
> vendors incorporate bank-injected encryption chips in the pin pads to 
> generate the checksum values from your "PIN" when you enter it.  This 
> checksum value changes every transaction, and is compared to a similarly 
> generated checksum for the transaction at the bank end.  At no time is 
> your "PIN" ever sent across the Internet (or direct processing 
> connection via telephone).  There are multiple factors used to generate 
> the checksum.  The Canadian debit handling is far more secure & 
> consistent than the American version, as the US Federal Reserve system 
> is far more confused and fragmented than Canadian banking.
> 
> The encryption chips are self destructing in the event of tampering, and 
> are serialized.  Hack attempts at point of sale generally attack the pin 
> pan keyboard interface well in front of the actual encrypted 
> communication stream.
> 
> All this to say, the banking community is not willing to accept high 
> risk transaction data from card-not-present transactions.  Paypal is a 
> reasonable buyer alternative, but their fees are ridiculous to the 
> seller.  Don't look for this feature on home computers in the near future.

I do appreciate the explanation.

It was just a wish.  It would be nice to be able to buy things online
(even an impulse purchase) in some simple manner that doesn't mean one
has to throw passwords, code numbers and names into the cloud.  The
suggestion given by Mark Little that in the future we might be able to
use the bill paying utility available in online banking holds out some
hope.

Ah well ...

-- 
Regards Bill
Fedora 11, Gnome 2.26.3
Evo.2.26.3, Emacs 23.1.1

More information about the OCLUG mailing list