Slashdot Mirror

← Back to Stories (view on slashdot.org)

Simple PrePay/Checkout System Using MagCards?

Posted by Cliff on from the a-convenient-use-of-the-technology dept.

An Anonymous Coward asks: "I help at a small youth club that has various events on different nights. For awhile now we have had a snack bar of sorts and have been thinking of developing a pre-paid system. We have access to plenty of computers and magnetic card readers (wit blank cards) but any ideas on the software? Also, would there be any way of also using this to keep track of a CD sign-out system?"

7 of 18 comments (clear)

  1. Obvious security issues... by ameoba · · Score: 4, Insightful
    There are a few obvious things here:

    • I doubt anonymous transactions are much called for, so keep -all- the data, other than a single user ID, on your server. No need to have kids comming in and getting $150 worth of pixie sticks at a time.
    • Do your damnedest to keep the physical security of the server (and access points) tight. Kids can do wonders with an accidentally logged-in terminal
    • If you can implement some form of photo-id on the cards, it'll cut down on loss/theft. If printing the pix on the card isn't workable, keep them in the DB.
    • Make sure to keep copious records and excellent backups of all transactions. Hell hath no fury like a parent who thinks somebody's been stealing from their kids.
    --
    my sig's at the bottom of the page.
  2. Re:Yikes. by ameoba · · Score: 2

    Kids wouldn't want to pre-pay, but their parents would. Parents could pre-pay for snacky-bits, and rest easily knowing that, while $5 could buy some drugs, 5 snickers bars aren't quite so transferable (especially when they've been in sombody's hand during a nervous 10-block run).

    --
    my sig's at the bottom of the page.
  3. Extra Layer of securiy req'd by vreeker · · Score: 4, Informative

    As suggested above the security of mag cards are quite trivial. However if you kept a record of what *should* be on the cards on a database of some kind any attempt to use a modified card could be spottted and dealt with.

    This somewhat stupifies the usage of the mag cards as you could just as easily use a barcoded card to track the users and keep all information local.

    CD borrowing system could work just like any library system now. Each user has a barcoded card (easily could be a mag card) that has a user id of some sort. Then the server keeps track of the rest. An added bonus to using the barcode is people could "log-in" from home and check account status. With a mag card the users would need an additional user id printed on the card. (Or assigned one in the application process).

    Just my two clams from above the border.

  4. Texas A&M Aggie Buck System by Milican · · Score: 2

    I used a system that was tied to my mag card / student ID for many years there. You can buy cokes, pizza, food of any type, etc.. with the swipe of a card. The vending machines are the best because there is no need for change anymore! Everyone at A&M loves Aggie Bucks.

    BTW, here is a link for businesses involved. I know this doesn't help directly with the software, but it proves it has been done on a wide scale with great success. You may want to contact those involved in implementing this, or learn from their example. Good luck.

    JOhn

    --
    Campaign for Liberty
  5. Mag cards... by shumacher · · Score: 2, Informative

    A couple of security suggestions:
    1) Avoid sequential numbering.
    2) The Mag stripe should have information that's not printed on the card.
    3) Printed information on the card should be verified against data from the swipe.
    4) Mag card numbers should be independent of any specific user information.

  6. This might be overkill but... by John+Harrison · · Score: 2
    Have you considered smart cards? You can store prepaid credit on the card itself. You can keep a list of what is checked out currently on both the card and the a backend sysstem. This would be useful for proving to someone that they did indeed check something out. Ask for their card and show them the record of it from their card.

    If you do it right the security is better. Readers aren't that expensive (~$50) and they also function as writers. Also cards are getting pretty cheap. $3 for Java card, less that $1 for some file system cards. Obviously this is more expensive than mag-stripe, but also much cooler.

    disclaimer: I do smart card work full time so I am biased.

    --
    Lasers Controlled Games!
  7. iButton by JediTrainer · · Score: 3, Informative

    Try the iButton. It's a Java-based little button that can be placed on a keychain (or ring, or watch, or wallet). I imagine they're probably simple enough to program with, and probably difficult to hack. I believe they all come with a unique identifier that can be accessed which cannot be overwritten, unlike with a mag-card which can easily be copied and forged.

    Should be relatively trivial to write a program to interface with a database every time it's touched to your terminal, depending on what sort of transaction you wish to take place.

    --

    You can accomplish anything you set your mind to. The impossible just takes a little longer.