Thread: CharlieCards v.v. Oyster (and Octopus?)
View Single Post
  #704   Report Post  
Old March 2nd 12, 02:09 PM posted to uk.railway,uk.transport.london,misc.transport.rail.americas
Roland Perry Roland Perry is offline
external usenet poster
  
First recorded activity at LondonBanter: Aug 2003
Posts: 10,125
Default card numbers, was cards, was E-ZPass, was CharlieCards v.v. Oyster (and Octopus?)
In message , at 14:39:53 on Fri, 2 Mar
2012, John Levine remarked:
In all cases, the lasr number is a check digit, computed using a
secret formula known only to people who know how to type "Luhn"
into Google.

When I was working in mail order we wanted to be able to checksum card
numbers handwritten on orders, or taken over the phone. We knew there
was a checksum, but the companies refused to tell us (this was decades
before Google, naturally). So we pooled our company AMEX cards on the
table, which of course had quite a lot of digits in common, and had
cracked it in about five minutes. Then, as we suspected, the same
algorithm worked for the rest.

But to return to the original point of this exercise, to get free
train travel, buy a $20 Visa gift card for cash at the supermarket,
and use it on the train. (Do they even have gift cards in the UK? If
so, make it a 20 quid gift card.)

There are lots of gift cards, but to be honest I've never thought they
might be numbered like credit cards. They are branded to particular
stores or chains.

And then there were pre-pay charge cards about five or six years ago,
which think got scrapped because they were too easy for money launderers
to move money internationally with. Their charges were a bit steep as
well.

Until you've bought $20 worth of tickets, it works normally, and the
ticket price is deducted from your balance when the transaction
clears. After that, the bank rejects the transaction, but if the
guard's ticket machine doesn't validate in real time, by the time that
happens you're long gone, and since the card is a bearer instrument,
they have no way to know who to go after. Repeat indefinitely until
the expiration date on the card.

Knowing the BIN ranges of debit cards and gift cards doesn't help
here, since many of them are entirely valid and the train company
will get paid.

The train companies already don't accept Solo and Electron[1], because
they (the train companies) don't have online verification, so they'd
just add those sorts of cards to that list.

[1] Debit cards for accounts with no overdraft facilities and/or
impoverished customers, like students, and under-18's.
--
Roland Perry
Reply With QuoteReply With Quote