
The hidden lab where bankcards are hacked - williamhpark
http://www.bbc.com/future/story/20150720-the-hidden-lab-where-bankcards-are-hacked
======
deutronium
'Alan Mushing sprays a sample magnetic stripe with a fluid suspension of iron
filings – instantly showing up the patterns of zeroes and ones on the card as
a series of light and dark bands.' \-- That sounds very interesting, i've not
heard of anyone doing that before, would you then need an optical microscope
to see the patterns I wonder?

Edit: [http://www.tetherdcow.com/another-science-
experiment/](http://www.tetherdcow.com/another-science-experiment/) Has a nice
photo of the trick

I just tried some magnetic viewing film I bought a while ago, to see if you
can see any lines from a credit card with them, but alas that didn't work.

~~~
batou
I've done this! You can see them with the naked eye quite easily. Just shine a
light diagonally at the surface. I wouldn't bother reading them by hand
though. You could take a photo of it with a digital camera then post-process
it and stick it through mathematica or something.

However you might as well just use a card reader.

I used to hack stored value phone cards back in the very early 1990s. First
they had an optical system which was easily circumventable with a torch a
knife and some epoxy glue. Then there were the smart card ones which were easy
to hack by scratching off the programming voltage pad on the card.

I got to the later mag strip cards like this and couldn't be bothered any
more.

~~~
deutronium
Neat :) Yeah I was thinking you could write an algorithm to process the image
of the credit card to data.

What do you mean by "they had an optical system which was easily
circumventable with a torch a knife and some epoxy" out of interest?

~~~
batou
Well they were pretty crap. There was a metalised bit of plastic for the card
and the reader burned certain bits of the plastic to gate the light. If you
bought a £5 card you could cut a hole in it, fill it up with epoxy and use a
permanent marker to fool it into thinking you had a £20 card :)

Edit: my memory is faulty; they were units, not £. Been a long time :)

~~~
davb
I remember these! A quick Google yields the following, with an example of the
reader mechanism [http://www.telephonecardcollector.com/optical-cardphone-
payp...](http://www.telephonecardcollector.com/optical-cardphone-payphone.htm)

A touch of nostalgia there.

~~~
batou
That's the ones! Never seen inside one before - thanks for posting!

------
nickpsecurity
Probably won't matter. There's been numerous, even cheap, solutions to the
card fraud problem devised in academia and industry. There's companies trying
to sell a variety of them. The issue is that the bank's don't really care so
long as the cost _to them_ stays under a certain amount. Their strategy,
instead of securing cards, is to push liability onto the cardholder using any
legal means possible. Their most successful trick has been lobbying
politicians to keep liability away from them.

So, we're not going to see improvements unless (a) they're willing to
sacrifice significant profit to protect consumers' money, (b) politicians
force them to, or (c) courts rule clearly enough against them enough times to
force them to. The first two are highly unlikely. The third is beginning a bit
with some rulings, esp in ACH. Not holding my breath: just assume the CC's
will be compromised, esp if someone takes physical possession of it. I know
people that exclusively use cash or pre-paid cards for this reason: main card
or bank account doesn't get hit.

------
acd
The PAN on smart card based chips is clear text readable with a simple USB
reader use EMV mode
[https://code.google.com/p/cardpeek/](https://code.google.com/p/cardpeek/)

Simple CCD cameras will read out PAN+CCV without even having to use a smart
card reader.

