From: Cerridwyn Llewyellyn <ceridwyn@wolfenet.com>
Date: Thu, 1 Aug 1996 14:59:28 +0800
To: cypherpunks@toad.com
Subject: Re: VISA Travel Money
Message-ID: <2.2.32.19960801045505.00695c6c@gonzo.wolfenet.com>
MIME-Version: 1.0
Content-Type: text/plain



>> It's not as anonymous as cash, but it might draw a lot less
>> attention in my circumstances.  I think it has a place in one's
>> aresenal of privacy enchancing technologies.
>
>     This card has the value "written" when you "purchase" it right? 
>
>    Any one wanna bet on how long it will take the "Hacker" Community
>to figure out how to "refill" it? Otherwise all you have is a 
>debit card. 

Interesting related story about DefCon:  for those of you who have been
to Las Vegas, you know that many casinos have mag stripe cards that are
issued for a variety of reasons, that are just as good as cash in the
casino, but can't be used anywhere else.  Many use them as a sort of 
debit card for slot machines.  The story goes that a few DefCon attendies 
acquired a few of these cards from the Tropicana, and re-wrote the stripe 
to read that they had over 60,000 "points".  I guess they discovered that
the card was re-written each time it was used.  Unfortunately for them,
what they didn't discover was that the system also kept track on a 
computer somewhere, and the large difference between the computer's tally
and the card's value set off numerous red flags, they found out relatively 
quickly when two Casino Security guards escorted them to the police station.  
Oops.  I can't help but wonder what would've happened if they only made
the difference like 10 points instead of 60K?  These two people were not
too bright, as they were staying at the Tropicana, and probably had all 
the equipment in their rooms.  If they were of age, I believe (depending
on what they found in the room) they can each get multiple 15 year federal
sentences.  

Moral of the Story: Mag Stripe cards are never secure by themselves (the 
credit card companies mistakenly relied on security by obscurity and are
feeling the painful effects still today), but have the potential to be secure 
if backed up by that kind of system.  However, it would only really be
practical 
in a closed environment like a Casino.   

Thus, for the sake of all the lovely banks I know and love, I hope they
either A. choose something other than mag. stripes, or B. use them only as
debit cards that are checked against a bank account when used.

//cerridwyn//