Slashdot Mirror

← Back to Stories (view on slashdot.org)

Simple PrePay/Checkout System Using MagCards?

Posted by Cliff on from the a-convenient-use-of-the-technology dept.

An Anonymous Coward asks: "I help at a small youth club that has various events on different nights. For awhile now we have had a snack bar of sorts and have been thinking of developing a pre-paid system. We have access to plenty of computers and magnetic card readers (wit blank cards) but any ideas on the software? Also, would there be any way of also using this to keep track of a CD sign-out system?"

18 comments

  1. what kind of youth club? by Anonymous Coward · · Score: 0
    If your youth club is like any of the geek clubs I was in years ago you can bet your bippy that any pre-paid mag-reader system you impliment is going to get hacked real quick.

    lh_

  2. Yikes. by Anonymous Coward · · Score: 0

    Sounds like a REAL fun youth club.
    Wtf would they want to pre-pay, are you trying to over engineer this?

    1. Re:Yikes. by ameoba · · Score: 2

      Kids wouldn't want to pre-pay, but their parents would. Parents could pre-pay for snacky-bits, and rest easily knowing that, while $5 could buy some drugs, 5 snickers bars aren't quite so transferable (especially when they've been in sombody's hand during a nervous 10-block run).

      --
      my sig's at the bottom of the page.
    2. Re:Yikes. by Anonymous Coward · · Score: 0

      Someone is overcharging for Snickers.

    3. Re:Yikes. by Anonymous Coward · · Score: 0

      Mmmmm.. been a while since I bought something that cost less than $5.. (Excluding individual beers, naturally).

  3. Obvious security issues... by ameoba · · Score: 4, Insightful
    There are a few obvious things here:

    • I doubt anonymous transactions are much called for, so keep -all- the data, other than a single user ID, on your server. No need to have kids comming in and getting $150 worth of pixie sticks at a time.
    • Do your damnedest to keep the physical security of the server (and access points) tight. Kids can do wonders with an accidentally logged-in terminal
    • If you can implement some form of photo-id on the cards, it'll cut down on loss/theft. If printing the pix on the card isn't workable, keep them in the DB.
    • Make sure to keep copious records and excellent backups of all transactions. Hell hath no fury like a parent who thinks somebody's been stealing from their kids.
    --
    my sig's at the bottom of the page.
    1. Re:Obvious security issues... by duffbeer703 · · Score: 0, Flamebait

      Here's one more obvious thing:

      - You are a moron.

      --
      Conformity is the jailer of freedom and enemy of growth. -JFK
  4. Extra Layer of securiy req'd by vreeker · · Score: 4, Informative

    As suggested above the security of mag cards are quite trivial. However if you kept a record of what *should* be on the cards on a database of some kind any attempt to use a modified card could be spottted and dealt with.

    This somewhat stupifies the usage of the mag cards as you could just as easily use a barcoded card to track the users and keep all information local.

    CD borrowing system could work just like any library system now. Each user has a barcoded card (easily could be a mag card) that has a user id of some sort. Then the server keeps track of the rest. An added bonus to using the barcode is people could "log-in" from home and check account status. With a mag card the users would need an additional user id printed on the card. (Or assigned one in the application process).

    Just my two clams from above the border.

  5. Helping by Chacham · · Score: 1

    Well, I don;t know of any software for it, but I'd love to help design the database end of it.

    --
    Have you read my journal today?
  6. Texas A&M Aggie Buck System by Milican · · Score: 2

    I used a system that was tied to my mag card / student ID for many years there. You can buy cokes, pizza, food of any type, etc.. with the swipe of a card. The vending machines are the best because there is no need for change anymore! Everyone at A&M loves Aggie Bucks.

    BTW, here is a link for businesses involved. I know this doesn't help directly with the software, but it proves it has been done on a wide scale with great success. You may want to contact those involved in implementing this, or learn from their example. Good luck.

    JOhn

    --
    Campaign for Liberty
  7. Mag cards... by shumacher · · Score: 2, Informative

    A couple of security suggestions:
    1) Avoid sequential numbering.
    2) The Mag stripe should have information that's not printed on the card.
    3) Printed information on the card should be verified against data from the swipe.
    4) Mag card numbers should be independent of any specific user information.

  8. This might be overkill but... by John+Harrison · · Score: 2
    Have you considered smart cards? You can store prepaid credit on the card itself. You can keep a list of what is checked out currently on both the card and the a backend sysstem. This would be useful for proving to someone that they did indeed check something out. Ask for their card and show them the record of it from their card.

    If you do it right the security is better. Readers aren't that expensive (~$50) and they also function as writers. Also cards are getting pretty cheap. $3 for Java card, less that $1 for some file system cards. Obviously this is more expensive than mag-stripe, but also much cooler.

    disclaimer: I do smart card work full time so I am biased.

    --
    Lasers Controlled Games!
    1. Re:This might be overkill but... by dfreed · · Score: 1

      where can you find readers for $50?

  9. iButton by JediTrainer · · Score: 3, Informative

    Try the iButton. It's a Java-based little button that can be placed on a keychain (or ring, or watch, or wallet). I imagine they're probably simple enough to program with, and probably difficult to hack. I believe they all come with a unique identifier that can be accessed which cannot be overwritten, unlike with a mag-card which can easily be copied and forged.

    Should be relatively trivial to write a program to interface with a database every time it's touched to your terminal, depending on what sort of transaction you wish to take place.

    --

    You can accomplish anything you set your mind to. The impossible just takes a little longer.
    1. Re:iButton by PrinceBytor · · Score: 1

      This is a good suggestion.

      I have done some iButton programming in the past and found it fairly simple to create a little app that watched for contact on the iButton receptacle (or BlueDot), read relevant data from the iButton, and did its thing.

      Security on those little buggers is impressive (especially the lengths to which they went ensuring the physical security of the can).

      They're pretty cheap too.

    2. Re:iButton by dfreed · · Score: 1

      What is your definition of cheap for these buttons?

  10. So... by Anonymous Coward · · Score: 0

    It doesn't have to use mag cards, I just thought that would be easiest. I'm pretty into the ibuttons now though. If anyone would like to help e-mail me at timoteobc@mac.com (yes, I do use PCs aswell)