Do those gift cards that carry a balance have the actual balance on the stripe, or just an ID?
I’d guess just an ID, and the balance is queried from the network from the cash register.
If it were on the stripe on the card, then not only could it be hacked and people add money to the balance, but then the register would have to be able to write to the card, which would add to the cost of the register.
Am I correct?
I’m gonna say an ID. In my retail experience, when the phone network that supported checks and gift cards when out, no gift card sales were possible. This was especially fun the week after christmas when we had to tell lines of people … “We’re sorry but our computer system is on the fritz so you’ll have to shop some other time.”
WAG - Just the ID.
Why? If the card had the actual balance on it, you would have to swipe the card again to adjust the balance. As it is, when it comes times to pay, you only swipe the card once so the account number is read into the database and the amount remaining is deducted from the balance, again on the database.
Can magnetic strips be changed with standard stor equipment? I don’t think so. I think putting the balance on the card would require a smart card.
This, along with the obvious copying problems is why these cards are in fact just references to a network balance.
To address the quoted point first a simple swipe reader for tracks 1 and 2 (There are 3 tracks on the back of a standard credit card, track 1 and 2 containing the relevant data) would set you back about $85 retail, a lot less as an embedded component of a till.
Whereas a track 1 and 2 writer would set you back at least twice, if not three times as much. They’re not terribly reliable as writers either, for decent quality, at least $500 (again, retail, much less for manufacturers).
Given that no till or credit card interface manufacturer is going to make their unit even $100 more expensive to produce without a better reason than ‘someone may invent a writable card’ you can be assured that all tills come with readers only.
To address the security issue, one thief + $500 for a swipe writer + using re-writable cards is >> $500 profit for the thief, almost untracably, therefore, they aren’t done that way, because the credit card companies would have no money left.
Smart cards come with their own set of problems, but the above situation covers mag stripe stuff.
In Japan they have pre-paid phone cards that work on most public pay phones. These cards actually have the balance recorded on the magnetic strip. Every pay phone contains a card reader/writer to update the card.
As for how they prevent conterfeit cards - I don’t know. Counterfeit cards used to be a widely publicized problem. Thieves would buy junk pay phones, remove the card reader/writer and reprogram it to produce fake cards or add balance to real cards. I’ve even seen magazine articles containing fairly detailed information on how it’s done. I haven’t heard much about this problem in the past few years so they may have added security measures, but I’m pretty sure the cards still work the same way.
Anyway that’s more of an exception that proves the rule. (Is that a correct way to use that phrase?)
If they’re buying junk payphones rather than using off the shelf equipment the phones probably use a non standard encoding scheme for the stripe (similarly to hotels that use a half dip and don’t want random thieves opening their doors at will). The data on a mag stripe is represented (rather unsuprisingly) by areas of different magnetic alignment, with a coding scheme allowing translation to human readable characters (full description (it shares quite a few similarities with barcodes). If you don’t use the standard codes, standard readers/writers are no good to a criminal. It’s still not a secure system by any means, because all the data is still on the card, accessable to either the method used above or to more sophisticated criminals by a variety of means which I’ll not discuss here by reason of board policy. Quite frankly I’m astounded the japanese telecoms companies thought that was a good idea when smart cards are such an established technology in that arena.here
sorry 'bout that.
The here link was supposed to after the words full desription.