MasterCard International Corp has bought a 51% share in Mondex Ltd, a British company which produces electronic cash smart cards. Mondex has been on pilot tests in Swindon, England, for the past year or so, and MasterCard claims to want to make it available across Britain. Are we the only ones who think this is […]
MasterCard International Corp has bought a 51% share in Mondex Ltd, a British company which produces electronic cash smart cards. Mondex has been on pilot tests in Swindon, England, for the past year or so, and MasterCard claims to want to make it available across Britain. Are we the only ones who think this is suicidal, either for MasterCard and its associated banks, or in the worst case for the whole currency? The arrogance of the people behind this and other forms of virtual money, in thinking that their codes can’t be defeated by either brute-force or backdoor mechanisms, is quite breathtaking. We have already seen an example of how this kind of thing has been done. Earlier this year two Japanese firms lost 55bn yen when criminals counterfeited the stored money cards that they manufactured. The cards were originally used to pay for arcade games, but you can get refunds wired to an account if you cash in a card. And when the Mondex trial system was launched, BBC Television showed how easy it is to retrieve all kinds of smart card technical data over the Internet.
Once those smart cards, readers, and Automated Teller Machine card-point-loaders get widely distributed, they will be sitting targets for anyone who fancies a shot at reverse-engineering them. Possible reward: a machine that effectively prints money, but far, far more attractive than forging bills. I think the bad guys might just have a few 200MHz Pentium Pro systems to spare for this; although in any case, stealing just one card-loading machine would seem to be simpler. For one thing, a fake bill is still a fake bill after it’s been passed on ten or a hundred times, and the person introducing it into the system knows that, for the first few times each bill is used, there’s at least some possibility of tracing it back. For fake electronic cash, however, there’s no way to distinguish between the real virtual stuff and the fake virtual stuff. As a result, nobody will care whether what they’re being given is real or not, like they currently do with those fancy ultra-violet lights, because they won’t have it rejected by the bank. Having any teller machine able to load up your smart card with points, is the equivalent to having current teller machines print the bills fresh ‘n’ crisp when you ask for them, and just making a mental note to settle up with the central bank later. For a number of very good reasons, central banks don’t like the idea of this. Does anyone imagine that the directors of BCCI would have bothered ripping off their customers, had it been easier just to print a few bills and forget to notify the Federal Reserve or Bank of England ? Even worse, the only way that we will ever know that there are is lot of fake Mondex cash in circulation is when inflation starts rising for no obvious reason, at which time, the crisis in confidence in the banking system doesn’t bear thinking about.
This article was originally published by Nick Brown in the Risks Digest.