Cashless Society

roomisigloomis writes "France has released "en masse" a new card to replace money. No private information is stored on the card and anybody can use it. Just like cash: you lose it and someone else uses it. Do you think we could be nearing the end of life of paper money?"

The End Of Paper Money?

[TropicalTexan]

No Way...I can't see an easy way to hide this stuff completely as you can with cash. There's always going to be a need for totally anonymous, never expires, never gets damaged cash.

Old news

[reynaert]

In Belgium this has been available for a couple of years now. It's called Proton over here and is pretty popular.

Fatal Flaws

[NeoMoose]

What the hell are you supposed to do when someone decides to be an ass and demagnetize your card? Does your money just vanish since you can't scan it and it carries no identifying information?

Sounds good to me

[virtig01]

This would, in theory, save the Treasury Department a significant amount of money. The Sacagewea (sp) dollar coin was introduced to reduce Americans' dependence on the paper dollar, since a paper dollar must be replaced more often then minted money. I mean, I've got a 1963 nickel in my pocket right now. What's the oldest dollar in your wallet?

Of course, I'm not so certain that this needs to be a government implemented project. Companies in the private sector have already done something similar, see Visa [visa.com].

And anyway, don't many people choose to be cashless as it is now? When I was in retail, a large percentage of people paid with debit cards linked to a major credit card. There's no cash! John Doe has his paycheck directly deposited in to his checking account, then pays for purchases with his debit card which utilizes a preexisting network system (Visa, Mastercard).

So bottom line: yeah, a (near-)cashless society is cool, but is government intervention necessary?

Re:Fatal Flaws

[TeknoHog]

It's a flash chip, not a magnetic stripe. Still, there's the potential problem of hacking into it, for example to add more money.

Re:Fatal Flaws

[trmj]

Ok I'll bite.

I happen to work at a store that uses an all-computerized POS system. It's a fairly big retail store, and I have watched the system go down and power go out before, while the store was open and there were customers in there.

What happened? Well, we pulled calculators off the shelves and found the prices manually, hand wrote reciepts, and anbody that had cash was able to pay and leave. Anybody that needed to use credit / debit had to wait until the power came back on (usually 30 min).

Re:I'm not sure..

[OttoM]

If they are smart, the card only carries a serial number and the actual amount is stored elsewhere (like credit cards)

You are wrong. Like the system used here in the Netherlands it is an off-line system. The card itself stores the bit string representing the money. On-line transcations are too expensive for this type of transaction, which is typically used here for parking fees.

Hacking it may be possible, but is quite difficult. Reasonbly strong crypto is used in these card. The cards carry a smart card that is capable of doing arithmetic functions that are needed for doing the cryptographical computations.

The protocol used for "charging" the cards does work on-line, and needs special terminals that are mostly located at banks.

Re:Australia hasn't had paper money for 10 years!

[Bitsy Boffin]

Dunno about in Australia, but here in NZ we introduced polymer notes a few years ago, and they sure aint paper, damed tuff stuff - sure as hell can't tear it.

Who gets the float...as if I need to ask

[hazman]

The problem I see with these cards is that you essentially buy them from a bank.

Let's say you buy a $100 dollar card from the bank. The bank transfers $100 from YOUR account to their account from which it can be used by the bank to loan to other customers and earn interest (mortgage loans, auto loans, credit card loans, etc). So if it takes 2 months for you to use up the $100, you've "given" your capital to the bank to use for two months.

On top of the banks getting the "earning power" of your $100, they charge you to get your capital back through transaction fees! So at a minimum, the bank makes 50 cents on every card it "fills up". If it takes you two months to use the card, they get up to ~$2.00 more!

On top of all that, what happens to the money that never gets used, lost cards, broken cards, cards that have only 50 cents left on them so they get tossed into glove box. I'm sure the banks won't let go of that "unclaimed" cash without a fight.

No, I'll continue to use my ATM card that's linked to an interest bearing checking account, even though its a microscopic rate and live under the illussion that I have control of my cash.

The first step

[Anonymous Coward]

A lot of people posting here seem to think that this is great, whereas there was a huge outcry in the postings about the Patriot II draft legislation which would effect, by and large, a very small number of people. This has the potential to touch everyone in the US in a pervasive manner.

Consider this:

> No private information is stored on the card and anybody can use it.

Step 1: Put infrastructure into place in benign manner.
Step 2: Wait for natural convenience to grow user base.
Step 3: Start mandating it for a growing number of transactions.
Step 4: Change rules so ID is present or tied to transaction (to prevent money laundering, drugs, etc.)
Step 5: Wait until appropriate minority steps out of line.
Step 6: Flip the switch to their cards don't work, or cards call police, etc.
Step 7: Oppression!

Shudder.

Remember kids: In the US, transactions over $10,000 are tracked by the government to fight money laundering, drugs, etc. This law brought to you courtesy of the Clinton administration and the letters I R S.

Re:Fatal Flaws

[gvonk]

If your store is truly dependent on being able to survive in this scenario, there would be a market for a battery-powered device that would scan the card and debit from it (I assume using the cellular network). It would seem possible looking at this picture [cnn.net].

Re:Claimed anonimity is bogus

[evanbd]

Not neccessarily true...

Though I imagine you're right for this implementation, it is possible to build a digital cash cryptosystem that is as anonymous as cash. I believe Bruce Schneier covers the basics in Applied Cryptography; we went over it in an intro cryptography course I took, and I think that was the source.

The basic system is that the bank signs individual units of value (think individual bills). You then insert your card, and it transfers several of them over, gets change if needed, etc.

For the more detailed explanation (somewhat):
You, the party desiring cash from the bank, begin a transaction to create a bill. You tell the bank the account number to take the money from, and prove you're you through whatever standard techniques. Then, you create a handful (say 10) "bills"; they're real bills, minus the bank's signature. You give them each a randomly chosen 128 bit id (128 bits is enough to avoid collisions, globaly -- but you need a good source of randomness). Then, you blind each bill with a new random number. Then, you encrypt all the bills, using a different key created only for this purpose. This extra key will be thrown away when the transaction is complete. The blinding and encryption work such that you can only recover the original text with both the key and the blinding number. The bank then chooses one bill, signs it, asks to see the blinding numbers on the other 9 and also asks for the decryption key. The bank verifies that the other bills are valid, and can assume the tenth is too. They sign it and return it to you. You decrypt it and deblind it. The math works such that the banks signature is still intact. Basically, using RSA, encryption and decryption are exponentiation, and blinding is multiplication (all done modulo the key).

The bank has now signed your bill as being worth money, without knowing the id number on the bill.

This system is rather complicated, and it is unlikely something equivalent has been implemented in this case. But it is possible to do it right (just hard). I've simpleified a little, but the major pieces are there.

Australia's plastic money is much better..

[Large Green Mallard]

All of Australia's banknotes are made out of plastic. Which gives them the advantage of last a sodding long time...

Australians or anyone with them.. the first two digits of the serial number are the year of manufacture. I have a $20 made in 1994 and another from 1998. I jut got some 2002 date $20s.. ei, they only need to print new $20s every 4 years :) Granted, $5s last a lot less, but it's still a whole lot better than paper (cotton pulp) notes.

Of course, they spring around like no-body's business and are absolutely frictionless, but the concept is so cool! :)

Pictures at -> http://theducks.org/notes

Time to go to france...

[Psyko]

Looks like it's time to grab the ole' smart card encoder and head over the pond... Has anyone even taken a look at the security on this?

Smartcard reader/writers have been available to the general public for quite a few years now (The Eltron 310 [yahoo.com] does full color card printing, mag encoding, bar codes and smart card encoding in one box for $3k), and you can find schematics on how to build your own all over the place.

Re:Card to card transfers?

[Anonymous Coward]

I suspect that these remaining sums have become part of the business model of a great many companies by now.

Here in the Netherlands, when you want to travel by bus, you pay for every bus-zone you travel through. A bus card allows you to travel through up to 23 (I think) zones. But once in a while they will issue new (and more expensive) buscards, and invalidate the old ones. If you still have half of your zones left - well, sorry.

I only carry a buscard for emergency reasons (when my bike breaks - I travel a lot by bike), and it bother me a great deal that when I need it, almost invariably I find myself faced with having to buy a newer, more expensive card while I still have most of the zones on the old one left.

The same is true for other reuseable card types. I have an old phone card. Technically I guess it is still valid, but in practice they removed most phone booths because everybody is using mobile phones by now, so it is useless to me now.

And if you own a pre-paid mobile phone that you *only* use to receive calls, well tough: the phone companies decided they were not making enough profit on you and disconnected your paid for phone. The only way you can use it again: pay for it *again*.

There is a morale here: whenever something takes the role of money, be it in the form of a pre-paid reuseable buscard, phonecard, or phone, they will periodically try to get you to pay again. And that's exactly why I am not using those money-cards.

You buy cash vouchers...

[hughk]

I know this is funny but here is what actually happens at a particular club in Europe, Golden Dolls in Frankfurt.. You buy "Golden Dollars" (Note: not euros) with your Credit or Debit card, you insert said "Dollar" into lady's whatever. Lady exchanges said "dollars" back for real money at a house discount. Cash tipping isn't permitted.

Re:Europe already has stopped using paper money.

[nagora]

The Euro bills are made of a paper that consists of mainly cotton.

High-quality paper is always made with linen, cotton and other natural fibres. It is a common misunderstanding that "paper" is synonymous with "wood pulp".

TWW

How it works

[Paul Johnson]

These things have been around for a while. They depend on two things:

1: Secure chip cards.

2: Public key cryptography. This post assumes you know the basic concepts.

IIRC the protocol works (roughly) like this.

1. Card 1 says "I am a genuine card. Here is my public key and a certificate for that key issued by the bank."
2. Card 2 says "I accept your certificate. I am also a genuine card. Here is my public key and certificate."
3. Card 1 says "I have decremented my cash register by $5. Please increment your cash register by $5. Signed: Card 1."
4. Card 2 says "OK."

This transfers $5 from card 1 to card 2.

Step 3 is the critical one. If that message gets lost then the $5 is lost as well. Of course a real protocol will include nonces and resends so that a single lost bit won't destroy your money.

This has applications beyond just replacing cash. People have been looking for a way of making small transactions over the net for years. These cards are potentially it. Plug a card reader into your USB port, put a similar one on a server somewhere, and you can purchase information off the server, paying by the page if you want. Conventional credit card transactions have high fixed costs. The costs on these cards are very low.

(Actually the server will probably have a PCI card with a high-speed, high-capacity version of the chip. But the principle is the same).

On security, PKC is the easy bit. Securing chip cards is much harder. If you can spoof a card into accepting messages from something other than a real card then you can forge money untraceably. To do this you either have to extract the private key from a card or find some other way to increment its cash register. Both of these need tamper-proof cards. The techniques for doing this are too many to go into here, but you need to worry about power supply signalling information about the processes going on in the cards, and random errors induced by putting the card in a microwave oven (no, I'm not kidding) giving information away too, in addition to raw physical attacks like stripping off the plastic and using very fine patch leads.

The biggest weakness is that any card is potentially an entry point to destabilise the entire system. I suspect this is the real reason for the $107 limit: cracking a single card would give you as an individual considerable wealth, but moving that wealth into the rest of the financial system by (e.g.) depositing it at a bank would show up in odd deposit patterns long before you could "forge" enough money to destabilise the economy. Also the individual who does this has every incentive to keep it quiet: not only has s/he committed a crime, but everyone in the know is a potential blackmailer.

Of course someone might find an easy crack and publish it. This is probably the worst case scenario. The only solution is to recall the cards and go back to cash until the problem can be sorted out. Again, the card limit helps put an upper limit on the cost of this.

Paul.

How much is on my smart card?

[Anonymous Coward]

I live in The Netherlands and we have a similar system. About the only useful place to use it however is parking meters. You see it costs about 25 Euro per day to park in Central Amsterdam on the street and feeding 25 Euro in coins isn't very convenient whereas sliding a card in the meter is. But if I can pay with a chip at a restuarant or pay with cash why not pay with cash? I have to have cash anyway because the chip isn't universally accepted! Lastly, the thing I hate is you can't tell how much is on the chip without being at a merchant/loading point. With cold hard cash you can always thumb through it and see what you have (reminding you to go to the ATM for example) but with smart card you have to remember this yourself, and have the same annoyance to re-charge it (like visiting an ATM) if it is due. So, unless there is a "killer app" - like the parking meter - or universal acceptance (eliminating the need to also carry cash) I don't think it'll take over.

Re:The black market is the answer to the success

[Saxerman]

e-cash will never take off until people can be 100% sure they can use it in dubious (viewed more or less illegal by the state) activities

Since the card is 'anonymous' you could merely hand it over to someone you wanted to pay. At the moment the cards are too costly to make this practical, but once the price drops the more dubious members of society can merely shuffle their cards around to hide their transactions. Even with expensive cards, you could still trade them with anyone for a card with the same debit level on it, thus obfuscating the paper trail. I can see a new form of e-money laundering being created out of this.

Re:Why so many different standards?

[jsinnema]

Kinniken wrote: >Oh, and I kinda like the euro coins, it's fun to >see some from 12 different countries mixing in >my pocket. You can have a look at the the euro coins from 12 different countries and Monaco, San Marino and Vatican City here: http://www.euroswapper.com/euro_coins.html [euroswapper.com] Greetings, jsinnema

Nope

[istartedi]

The money is anonymous, but it's numbered.

A legitimate "add cash" operation leaves a record in the database.

When the user tries to pass the counterfeit card, the database is checked and when it finds, for example, that "card 0x8782a321=54.21" but the card says "card=100.00" the POS terminal knows it's counterfeit. The integrated security camera clicks on, homes in on your face, and e-mails your picture to the authorities.

I like that. We in theory could do this now with old-fashioned bills. One camera (with a *very good* machine vision system) looks over the shoulder of the cashier. Camera one is looking at the serial numbers of the bills. Camera two is looking at the customer.

Camera one is hooked into a database that tracks the locations of bills and serial numbers (think WheresGeorge on steroids). If the system discovers a bill passed with SN that isn't in the database, or that is already in a till someplace else, the customer becomes a counterfeiting suspect. This obviously requires some sophistication. For example, a bill may not be in the till anymore, but if it left the till in Hawii, and enterred a till in Maine 45 minutes later, you know the bill in Maine is counterfeit. The program would obviously have to be updated if commercial hypersonic transports ever became available (!).

Such a system won't catch a counterfeiter every time, but the odds would catch up with him. A more cumbersome system that doesn't use machine vision and requires the cashier to run bills through a scanner could probably be implemented in a much shorter time. Building RFID tags into the money makes even better sense if they are robust enough, but ongoing passage of "microwaved" money would make you a counterfeiting suspect even if your money was being legitimately zapped..

I like this. It is, in some ways, the antithesis of "the beast" because they are numbering the money as opposed to numbering the people.