Hacker News new | comments | show | ask | jobs | submit login
How printers and Photoshop detect and refuse to process images of currency (cam.ac.uk)
191 points by kibwen on Jan 3, 2014 | hide | past | web | favorite | 116 comments

When I was in college (99-2000ish, maybe?), one of my roommates was an art major with a graphic design bent, and he had this high end printer and would copy and print $1 bills and take 20 at a time over to the vending machines around the corner from our apartments once a week or so. After about a month of doing this, the machines disappeared.

Of course, he's the same roommate who later got arrested for wire fraud and grand theft.

In a similar vein, I remember a class trip on a Ferry from Seattle to Vancouver back in the 80s. There was a change machine that would give you four quarters for a dollar so that you could play video games.

It seemed smart, as it would give you the same four quarters if you used a Canadian Dollar or an American one. Or maybe not, as one kid found out when he stuck a $5 bill in and got 4 quarters.

Being 12, and therefore far more clever than the designers of this machine, the kids then proceeded to cut our a few thousand little rectangular strips of paper, roughly dollar sized, and clean that poor machine out.

And being 12, and having Ms PacMan machines as the only way of disposing of that giant sack of quarters, when it became apparent that there was no way to spend them fast enough, it naturally degenerated into a game of "Throw the quarter in the Ocean".

Similar. A friend of mine used an epson stylus printer (new on the market then) and a scanner to copy £20 notes. They were inserted into the change machine in the local gambling arcade type place. It was stupid enough to accept a single sided copy.

Out popped pound coins.

He now works for GCHQ which is funny.

Edit: just to add that these change machines were really naff and obviously built by the lowest bidder.

> He now works for GCHQ which is funny.

So he just moved on to even more serious crimes.

Yep. Considering the recent news etc, he is the proverbial laughing stock.

Well, mission accomplished ^_^

NAFF - At first I decided that it stood for 'Not Anything Fucking Fancy'

then I googled it and realized its british slang:'https://www.google.com/search?q=naff

"realized" - at first I thought you couldn't spell, but then I googled it and realised that you're an American.

Look it up and you'll _realize_ that "realise" is the non-Oxford English spelling, and the Oxford English spelling is realize.

It's the same with many words with the -ize suffix - we seem to have subconsciously accepted -ise to the point that spellcheckers demand it, when in actual fact the OED form of a word typically uses -ize.

Most British newspapers use the -ise form. The Oxford University Press use the -ize form. So it isn't as clear cut as you think.

I recall reading that the -ise alternatives have some roots in Australian us of the language.

I am aware of the OUP's stance on -ize. My little dig at the commenter's parochialism would not have been enhanced by a exploration of the nooks & crannies of International English.

It turns out "-ise" is a French-ism, which we seem to have integrated in Australian English (blame Macquarie :-)

I love how you antagonize me even though you're the one in the wrong.

> It was stupid enough to accept a single sided copy.

DIP switches are set for various options one being accept face up (two-way), other options turn on or off acceptance of certain denomination bills and maintenance features such as calibration.

Even now modern acceptors allow this, although four-way acceptance is often preferred by the customer.

>he had this high end printer and would copy and print $1 bills and take 20 at a time over to the vending machines

I'm embarassed to admit that in middle school my friend and I did something similar as his dad ran a printing business out of his garage. It surprised us then that this worked so easily. Luckily we only used them on vending machines and we quit doing it before we got caught. It makes me wonder what more sophisticated criminals can get away with.

> It makes me wonder what more sophisticated criminals can get away with.

A lot. http://en.wikipedia.org/wiki/Superdollar

When I was in Ecuador (which uses the US dollar) it was extremely common to find fake $20s in your change. I could never spot them, but the locals could.

They were exceptionally good, right down to the watermark, security strip, etc. etc. Even when I had a known real one and a known fake one, I couldn't tell them apart.

Well which part about the note made it a "known fake" to the locals?

They could feel the texture with their fingers (I couldn't tell any difference) and the security strip was a tiny, tiny bit longer than it should have been on the fakes.

Even after they told me what to look for, I couldn't tell.

This is precisely the reason the U.S. Treasury still insists on using natural fiber in paper notes. There's more detail in this delightful Esquire article about the making of paper currency:


I can't seem to make your link work, but I managed to track down the original article so allow me to repost:


That was a fascinating read, thanks!

Tl;dr: 100$ bills produced in all likelihood by a foreign government (suspects are North Korea, Syria, Iran) or maybe criminal gangs are so well done that they are practically indistinguishable from the original.

The numbers printed seem to be pretty low though, and not nearly enough to endanger the economy in any way. Probably its hard to launder the money?

Rates for the US are around 0.01% of circulating notes.

As far as counterfeit currency being a danger to economies, check out Operation Bernhard [1] where Nazi Germany forged British bank notes to flood the economy, with the goal of causing rapid inflation that would be damaging to the government.

There's a good movie as well, from 2007, about the operation: Die Fälsche (The Counterfeiters) [2]. Definitely worth a watch.

[1] http://en.wikipedia.org/wiki/Operation_Bernhard

[2] http://www.imdb.com/title/tt0813547/

Some how this comment reminded me of https://en.wikipedia.org/wiki/J._S._G._Boggs

This guy made beautifully artistic bills that didn't look official currency and then made purchases with them at their face value: $100, $500, etc.

If you have the criminal connections you can buy forged currency in a similar way to how you can buy drugs, the idea being that you can make a return on your investment if you put the work in to shift 'the product'.

Quality is a factor in the price so (for example) a bag of 100 £1 coins might cost £60 but you might not be able to use them in vending machines due to the weight being wrong. Notes again have their price depending on quality and cut.

Given the cost of high quality ink and paper, one wonders how much less than $1 those bills cost to make.

It's likely an economy-of-scale: bigger the operation, the better the ROI. Low volume would be expensive.

Given that it was a decade and a half ago, and that even today's vending machine recognizers probably don't do much beyond making sure a few relatively gross features are present, I doubt the cost per counterfeit was all that close to $1.

You are absolutely, positively wrong on this front. The new bill detectors use PCA and SVM to analyze notes. They're so good the treasury department buys them because they're better than the best systems out there.

Generally, however, the vending business is quite cheap. They buy the low end machine because there's not really a reason to bother buying the more expensive ones. However, go to a casino, or a foreign country that uses large bills, and you'll find the story is totally different. The machines are incredibly good.

* Source: I worked in this industry for years.

> They're so good the treasury department buys them because they're better than the best systems out there.

I.e. they are the best systems out there?

That does seem like an ideal application for support vector machines. Do you know what kind of basis they use for SVM? Is it the usual exponential approach or something more specific to currency features?

Yes, I know. No, I can't tell you.

Out of moral or professioal obligation?

Does it matter?

>They're so good the treasury department buys them because they're better than the best systems out there.

This phrasing is gold. "Our product is so good, the government buys it because it's better than the best thing out there." :)

The treasury's best testing mechanisms are destructive.

Spectrum Analyzers?

The new bill detectors use PCA and SVM to analyze notes.

What sort of features?

You're right, that's the critical question. SVM on a picture of the note would be useless against all but the 12 year olds with paper and scissors. There's no reason to believe that the differentiating features from next years' printers would be separated by the same support vectors.

I think the real security is still in features that require expensive equipment to duplicate. Is it really that hard to use cheapo photodetectors to verify differential transmission/reflection (watermark), angle-dependent coloration (hologram), or to do some primitive spectroscopy (UV even) with a plastic lens and $10 CCD?

SVM might be a easy way to aggregate the features, but in that case it's just a calibration method and doesn't give any indication of the underlying security.

And this is where you're wrong. Most detectors use a PIN diode or a phototransistor. Both work just fine with the SVM.

Again, the security given in these detectors is SO good that even if I were to give you complete knowledge of the system, you can't beat them. I can't admit to having made counterfeits, but I can say that I've seen _all_ of them, and they do not work.

No, you haven't seen them all. That's a silly claim. And if the detector is what you say, I'm about 80% sure I know both why it worked so well and how to defeat it.

As much as I wish I could make a bet with you and test this, I wish for trouble from the secret service even less, so I guess that's off the table.

I will tell you, with full knowledge of how they work, I am incapable of beating the machines for US bills. Some other currencies have better and worse protection (generally better), but I _know_ I cannot beat the machines in the US.

I wouldn't expect that someone who attributes the differentiating power of the machines to SVM would be able to beat them on any kind of bill.

Also, BTW, UV doesn't work on banknotes. If you wash a banknote with detergent, the paper absorbs the UV frequency bending stuff in modern detergents and corrupts the note. However, your thinking isn't far off.

"The primary method vending machines use to recognize the denomination of paper money is through a magnetic scan; paper currency is printed with magnetic ink, similar to the ink on the MICR line of a check, that makes it easily identifiable to machines with magnetic scanners. In addition, each denomination is marked with different fluorescent properties. Many vending machines and other machines that read paper currency use an ultraviolet light to scan the bill, read the fluorescent response and issue the appropriate credit."

Incorrect. The magnetic detectors haven't been manufactured or sold since the early 80s.

The simplest machines do use 2 narrow optical detectors, but as their algorithms are considered good enough that you have to basically destroy a bill to use them, what's the point.

See my other post about SVM/PCA in this thread.

What is SVM and PCA? That sounds interesting.

Replying here so you'll see it.

PCA: Basically you represent your measurements as a covariance matrix about the data set you care about. You then find the eigenvalues and the eigenvectors of that matrix. These basically tell you the hyperplanes which most accurately represent your data sets. Unfortunately, I can't get into more details about how this is used for bill detection -- go read the patents and papers yourself.

SVM: Basically, you have a bunch of datasets, and you an unknown data point, and you want to figure out which dataset your new data point belongs to. Well, you're not a clever person, and neither am I, so you just come up with the "cloud that surrounds" your N-dimensional shapes. This is your Support Vector.

A Support Vector Machine is just "hey, I've got a bunch of characteristic datasets, find the minimum structure for each dataset that surrounds the cloud, and then let me compare them." In practice, it gets really thorny to find the minimum vector, so people use something called the Kernel Trick to simplify that into something more manageable. (Basically, it's a higher dimensional transform that maps your dataset into even higher dimensions which likely will simplify the data as there's probably an underlying structure to your data you don't know. You try a bunch of kernels, and take the one that works best for you.)

Again, I can't tell you how it relates to bill detection. I'm embargoed. Go look at the patents and papers yourself.

I've adopted a similar attitude as you here when it comes to past machine learning jobs, and discussion of detail. What ends up being your bright shiny line that you don't cross? I tend to just not talk about the specific feature engineering, being relatively upfront about such basic things as "I used a random forest".

IMO, two things:

1) Features are everything 2) So is experience

When people buy machine learning experts they buy both of these things. Anyone can learn the math, it takes time to get good with it.

Support Vector Machines, and Principle Component Analysis.


Wow, that helps.

"Principal components are linear combinations of original variables x1, x2, etc. So when you do SVM on PCA decomposition you work with these combinations instead of original variables."

"What do you do to the data? My answer: nothing. SVMs are designed to handle high-dimensional data. I'm working on a research problem right now that involves supervised classification using SVMs. Along with finding sources on the Internet, I did my own experiments on the impact of dimensionality reduction prior to classification. Preprocessing the features using PCA/LDA did not significantly increase classification accuracy of the SVM."

I can see how that relates to currency detection.

I'm an amateur in machine learning myself so I don't have a lot of knowledge of the details, but allow me to take a guess at what it's about.

Support vector machines are a machine learning algorithm that works by taking data points in some (usually) high-dimensional space, and classifies them based on where they lie in relation to a boundary that (mostly) divides the positive examples from the negative ones. So one way a bill detection SVM might work is by using images of the bills are being transformed into points in that high-dimensional space by treating individual pixels as different dimensions, and deciding if they're valid banknotes (and the denomination) based on where in that space a given point falls.

Since SVMs are designed to work well in high-dimensional data, you're correct that principal component analysis doesn't normally help them do better. Oftentimes it makes them perform worse. More likely, the reason they're using doing dimensionality reduction is to cut down on the size of the SVM's model. That could help in two ways: If you're using a really massive number of training examples, then dimensionality reduction can help cut down on the time it takes to train the SVM, or the space you need to store your training set. And if you're trying to fit the SVM into an embedded system, then dimensionality reduction would allow you to produce an SVM that runs well on lower-cost hardware.

It's more than that. The SVM kernel maps your multi-dimensional data into an infinite dimensional data. Because of the way the math works you can essentially learn from an infinite dimensional data without overfitting. The support vector is the data points that "support" the separating hyperplane, that is the points that meet the constraints. The other thing about SVMs is that they are computationally friendly.

Just as a simple example (stolen from the Caltech course which I highly recommend) if you look at points on a plane that form a circle and try to separate them with a line you're going to fail. I.e. your points are (x,y) and those in the circle are your fake dollar bill and those outside aren't. But you can take all these points and apply a non-linear transform, e.g. (x, y, xy, xxy, yyx, x+y, xx+y2), you get the idea... It turns out that now you can* separate the data into what's inside and outside the circle. The problem is you just increased your so called VC dimension of the model and you might overfit the data and not learn anything. SVMs let you get infinite numbers of combinations, without overfitting and with cheap calculations... Pretty neat.

Presumably they were simpler-minded fifteen years ago; either that, or the art major's high-end printer was a lot higher-end than it seemed.

Actually the cheap ones were really naff and relied on correctly sized notes and a mask and backlight with a couple of phototransistors.

A pretty picture cut to the right size would work. I think it was enough to prevent casual errors rather than strict validation.

These are Japanese machines. The US and Swiss makers are optical.

There's been consolidation in the industry, so there's really only the US and JAP makers left, and the US maker (MEI) is so far ahead of the rest of the world, there's no point.

Or a third option: the story is fiction.

Well, you'll look at it how you please, and I'll do likewise.

Hmm what if the strip was damaged or say brushed against a magnet at some point. Would it reject those bills? Are they still valid bills even with a damaged magnetic signature?

Ever had a perfectly crisp dollar bill that a vending machine would just refuse to take?

The majority of people will just take another bill out of their wallet and try again, so it is really a non-issue.

This is the main point. anyone willing to commit the crime will find ways. it is just like TSA at airports. Those systems do nothing to actually prevent the crime.

it just fatten someones pockets who then pass a percentage down to the policy makers.

I love to see figures on the size of the "being seen to be doing something" market. Im willing to be my entire fortune of 50 great british pence that its bigger than the video games market.

When I was in the States, some buddies had some Philippine Peso coins which weigh and are roughly the same size as quarters. They used a few if these to operate coin-based laundry machines.

The best part about this is, in small numbers, foreign currency just becomes domestic currency on the basis of similar appearance alone. You get a Canadian penny, you may not even notice, and even if you do, you don't care because the next guy won't either.

The laundry/vending machines are an interesting case because there's a decent chance that the the vendors would just be taking bags of coins to the bank where, presumably, the Pesos would be kicked out correctly. Even then, if there were only a small number of pesos, they probably just passed them on at someone else's vending machine, or in other cash person-to-person transactions.

It's hilarious to me that, while you can argue about what currencies are backed by, at the end of the day all that matters is that something spends. If something spends like a quarter, it's a quarter.

I was visiting Italy as a kid in the mid 90's. My dad would get pay phone token coins in the change, and apparently they were widely used interchangeably with the official coins.



In what world do you live in where QR codes can't be copied?

This is one of the things that made me really see the value of free software.

I did verify experimentally that the Eurion constellation alone doesn't trigger photoshop's image rejection algorithm. I think it would be fun to distribute a bunch of images that false-positive the digimarc algorithms, just to mess with people.

They could add the detection to GIMP. But then that would reveal what the algorithm is. And that would allow specific strategies for producing false negatives or false positives.

I'm still undecided about whether countermeasures to reverse engineering like this are useful or not in the long run.

Adding it to GIMP would be useless, because it would be trivial to produce a patch to disable the functionality.

These measures can stop a kid from counterfeiting. That's all they do. I'm sure in the process they could create some kind of sporadic troubles to designers which paid for the expensive software.

You can't possibly think that a criminal organization, with average tech resources, will have a hard time getting around this in a way or another.

It wouldn't even stop a kid. It would only stop the technically incompetent.

But that's the whole point. If you can stop the idiots from copying notes, you have a lot fewer potential counterfeiters to deal with.

That sounds like a decent addition to watermarking. It'd be difficult to crop out a watermark if you can't open the image in an image editor.

There's actually a nice service to build here: "invisible watermarking" for photographers and designers...

I think this feature was built into a Photoshop plugin in 1996. Digimarc.

I very much doubt there is any way you could do this with arbitrary images without completely destroying them.

This is one of the things that made me really see the value of free software.

How do you mean? Is there much (legal) value to be had from image software that can process accurate scans of currency? I'm just kind of confused here, what value you speak of.

Because my software should never tell me that I can't do something for non-technical reasons. Assuming I'm a criminal is wrong. If I was a criminal, breaking the law is my decision, and my software should not impede my ability to do so.

Furthermore, criminals are usually motivated enough to find something else that will do the job.

The Photoshop anti-counterfeiting stuff? It just scares off amateurs with an inkjet who don't realize every page from their printer has a tiny coded tracking mark that identifies the printer, date, and time.

> every page from their printer has a tiny coded tracking mark that identifies the printer, date, and time.

Another argument for free software.

For free hardware.

See below for example: "When I used to make news graphics for a tv station, every now and then this problem in Photoshop would arise and it was incredibly annoying to make anything with a flat dollar bill as part of the background."

"Ah! I remember reading the original web page from years and years ago about the fact that this happens. I wonder if they've discovered how they do it now (the algorithm). I will click on this presumably new (on a news site) link that says 'how'. WTF? It's just the same old page from 2004!"

On a related note: many colour printers leave a tiny encoded pattern on each page (based on model/serial/etc), ostensibly to help track counterfeiters. [1] [2]

Unfortunately, they're printed all the time.

[1] https://www.eff.org/pages/list-printers-which-do-or-do-not-d...

[2] https://www.eff.org/issues/printers

Perhaps also for forensics in case of other crimes as well.

The main use is to identify leakers.

When I used to make news graphics for a tv station, every now and then this problem in Photoshop would arise and it was incredibly annoying to make anything with a flat dollar bill as part of the background.

If this software is detecting currency, the obvious follow-up question we should ask is: what else is it detecting, how does it do this, and why?

Could it be that each image generated from Adobe Software also tags the image with unique identifying computer, timestamp information?

Given that Adobe is attempting to move their software over to their Creative Cloud service, then that is probably quite possible now.

Beyond that, I think the bigger threat to privacy by far in digital images is in EXIF data and reverse image searches.

Yup, that + what happens when it crashes? I wonder, if a network packet is sent somewhere.

This has been around for a lot longer then the article (from 2009) suggests. High end publishing printers had a lock-down mechanism built in as early as the late 90's when you attempted to print US currency.

As mentioned in this comment thread, there is a general description of the security features on newmoney.gov - while I was working on the original version of newmoney.gov for the release of the new $20 bill, we were given high DPI scans of the new bill and were only allowed to make low DPI, specific crops - all while in a "war room" that did not have internet access nor were we allowed to bring in any cameras or cellphones.

Some interesting little facts I was told while working with the BEP: most counterfeits are actually done by other countries with proper currency printing machines. Small time counterfeiting is generally bleached out $1 bills printed over with $5 images to retain the same cotton-paper ratio used so that it feels the same.

So much details on a note makes me wonder, if a message could be steganographed within notes.

Something like: If you can see this: Call 1-800-FED

Fun fact: The treasury department won't tell you what is actually on the bills. In fact, none of the governments will. You can analyze them till you're blue in the face, under whatever light or circumstances you want, but the treasury department won't tell you what security measures are on the bill, nor when they change them. Additionally, they sometimes change during print runs, and issues.

> the treasury department won't tell you what security measures are on the bill, nor when they change them

Here are a few Treasury Department webpages telling you what security measures are on the bill, and they publish a press release with a new interactive site when they change them:




These are what they tell you about.

Fun fact: you are asking the wrong branch of the government.

The Secret Service will happily tell you about security features of currency, and behind closed doors help you build methods to detect counterfeits if you have a reasonable justification.


Fun fact: 'branch of government' refers to the executive, legislative, and judicial branches. Nearly everything is under the 'executive branch'.


The secret service is under the treasury dept.

They used to be under the Treasury Dept. They are now under the Dept. of Homeland Security:



No kidding!? I did not know, nor expect that.

Most color printers print their serial number on every page to assist in identification of forgeries.


seems like something that can be bypassed by patching a couple jumps in asm with the help of IDA and a cup o' joe.

Perhaps more interestingly, the help of IDA could also determine what the code is actually doing in more detail than can be learned from the relatively crude black box methods in the link.

GIMP... and enjoy the coffee.

Well, yes. But then you have to use GIMP, which constitutes a punishment in its own right. ("...not a sin, but a penance.)

Exactly. Why is anything useful done, has to be done on a *nix? Oh wait ... that's how things GET DONE.

There's a sales pitch -- "Need to counterfeit money? Use Linux!"

At least for older versions of Photoshop there circulated currency-patchs so that you could edit money if you wanted to.

Does anyone have any insight into why Adobe and printer companies actually care about this? Are they being paid to do it by the secret service? (and wouldn't that be public information?)

Digimarc wrote the software for the Central Bank Counterfeit Deterrence Group. News of this was reported in 2004:


If you were living under the rock for last 6 months then I will answer you: no, it won't be public information, as most likely NSA/CIA/whomever surely would like you to print some notes, so they can catch you. So Adobe/others have a gag order/if any not to speak about the subject.

I would however think that they do that simply to protect themselves in case so that noone will come after them legally that they allowed counterfeit to happen (so easily). Sure you can always trick the machine/software, but hey at least Adobe did try to stop you so they do "work" in a good faith.

I once watched a documentary on counterfeits and it seems it would costs about $80 to produce a perfectly looking, no-difference $100 bill using the latest technology. Noone will ever attest its fake other than Federal Reserve, and thats only because they have never produced a note with this serial #. The real game, supposedly, is not in producing fake notes that pass all tests; the real "problem" is how you put enough number of bills in the circulation so that #1 you make plenty of money, and #2 you don't get noticed/caught.

Surprisingly, the price for a perfectly-fake bill is not going much higher than $80, and as the rumor goes, FedRe stopped producing $1,000 bills for this exact reason.

What bothered me in the other thread where I first learned this is that while I have always understood that I don't have a reasonable expectation of privacy on the Internet, I feel dirty as shit when I realize my computer determines when something is legal or not for me to do.

Slippery slope, this one.

The algorithm that the author is painfully searching by brute-forcing a picture is hidden by simply compilation. Decompilation of a binary was hard in the 20th century, not so much now. Discovering the exact algorithm only requires some time and some skills.

Yeah, gotta stop those evil counterfeiters. But not the Fed. Even though they've counterfeited 100s of trillions over the last 100 years. :P

In the distortion samples, the uri for orig.png redirects to a non-existent server.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact