FedEx Kinko's Payment Card Hacked
This site goes into detail about how the FedEx Kinko’s ExpressPay stored value card has been hacked. There’s nothing particulary amazing about the hack; the most remarkable thing is how badly the system was designed in the first place. The only security on the cards is a three-byte code that lets you read and write to the card. I’d be amazed if no one has hacked this before.
EDITED TO ADD (3/2): News article.
Joe Patterson • March 2, 2006 7:56 AM
It bugs me that the article says that what the cards need is some encryption, and while that might help some, it wouldn’t hurt for them to also have some authentication.
Of course, I’m also kind of curious what FedEx Kinko’s can do at this point. It’s a bad situation. One of my favorite sayings is “If you have a mouth full of too-hot soup, the next thing you do will be wrong.” I don’t know what they’re going to do about this, but I can almost guarantee that it will be wrong.