VISA Travel Money

Thu Aug 1 12:01:16 PDT 1996

Cerridwyn Llewyellyn wrote:
> 
> >> It's not as anonymous as cash, but it might draw a lot less
> >> attention in my circumstances.  I think it has a place in one's
> >> aresenal of privacy enchancing technologies.
> >
> >     This card has the value "written" when you "purchase" it right?
> >
> >    Any one wanna bet on how long it will take the "Hacker" Community
> >to figure out how to "refill" it? Otherwise all you have is a
> >debit card.
> 
> Interesting related story about DefCon:  for those of you who have been
> to Las Vegas, you know that many casinos have mag stripe cards that are
> issued for a variety of reasons, that are just as good as cash in the
> casino, but can't be used anywhere else.  Many use them as a sort of
> debit card for slot machines.  The story goes that a few DefCon attendies
> acquired a few of these cards from the Tropicana, and re-wrote the stripe
> to read that they had over 60,000 "points".  I guess they discovered that
> the card was re-written each time it was used.  Unfortunately for them,
> what they didn't discover was that the system also kept track on a
> computer somewhere, and the large difference between the computer's tally
> and the card's value set off numerous red flags, they found out relatively
> quickly when two Casino Security guards escorted them to the police station.
> Oops.  I can't help but wonder what would've happened if they only made
> the difference like 10 points instead of 60K?  These two people were not
> too bright, as they were staying at the Tropicana, and probably had all
> the equipment in their rooms.  If they were of age, I believe (depending
> on what they found in the room) they can each get multiple 15 year federal
> sentences.
> 
> Moral of the Story: Mag Stripe cards are never secure by themselves (the
> credit card companies mistakenly relied on security by obscurity and are
> feeling the painful effects still today), but have the potential to be secure
> if backed up by that kind of system.  However, it would only really be
> practical
> in a closed environment like a Casino.
> 
> Thus, for the sake of all the lovely banks I know and love, I hope they
> either A. choose something other than mag. stripes, or B. use them only as
> debit cards that are checked against a bank account when used.
> 
> //cerridwyn//

Those cards are not debit cards. They are used to track a players time
and money spent playing slots and other games. I have a stack of them. 
Whenever I go to the blackjack tables, I give mine to the pit boss
and he writes down the amount of money I am gambling with and time spent
at the table. 

The only thing the cards are used for is "comps". I get a free prime rib
dinner after playing for "x" amount of points. I think the case will
either get thrown out of court, or the casino will drop charges. Since
the points have no monetary value, the fraud charge probably will not
stick (if that is what they were charged with). The two hackers will
probably get a call from "Guido" reminding them never to step foot back
in Vegas.