Archive for the ‘Miscellaneous’ Category

Gift cards

20 Jan 2010 12:27 by Rick

When I was a child, one of the things I loved to receive at Christmas and birthdays were gift cards. In those days it was book tokens and it meant that I could get something that I wanted rather than chosen by a rarely seen aunt who had forgotten how old I was. Later on it became record tokens but after a while these became a problem because few shops would take them where we lived. However, I think book tokens are still going strong.

In latter years everyone got into it and there was a big growth in store tokens. Everyone from the big department stores to smaller specialist chains had their own gift tokens; even some individual shops did it.

Recently there has been a move away from the denominated slip of paper with banknote like swirls, embossing, holograms and markers to a plastic card that looks like a store discount/loyalty/charge card. With this have come some security problems which are causing many people grief. The victims can be the shop or the customer and the perpetrators can be the staff, the public or third parties. I will concentrate on the problems for the customer because they have no control over the system.

The cards themselves are low security. They have a number which is duplicated by a bar code and sometimes by a magnetic stripe. Some cards also have a PIN which is initially concealed by a scratch-off covering. When the card is purchased it is “loaded” with money but this does not get recorded on the card itself but onto a central computer system. When goods are purchased with the card then the cost is deducted and any balance remains in credit. In order to provide the customer with documentary evidence a receipt is issued every time a card transaction takes place which shows how much is left on the card and this can also be checked at any time, either in a branch of the shop, by telephone or online.

How can you be conned? There are a number of holes in the system, from old-fashioned deception through to weaknesses in the system.

  • One way is that the card you are given when you buy one is not the card that was loaded with the deposit, it has been switched by the cashier. As this is likely to be a gift this is not discovered until little Johnny tries to buy his new trainers or whatever and then often not followed up because the parents don’t want to trouble the old guy that gave it because perhaps he did something wrong.
  • A similar switch can be pulled when spending a card with the cashier returning a different card with less on it or claiming the one presented has less on it than it does.
  • The other one I have heard of is even more blatant. When you buy the card, you are not given it, just a gift wallet containing the till receipt. When questioned, the cashiers have said that that is the token, there is nothing else. This was observed a few times when they were new and could have been partly down to poor staff training but in many cases they were not reported because it was thought that “aunt Millie had lost it before giving it to little Johnny.”

The cure for all of these is to observe closely everything that happens. When you get the card initially make sure the number on the card matches the one on the receipt and write that number on the inside of the gift wallet. Then when each transaction takes place, make sure the new receipt matches the same number and the card number is still the same. Also demand to have the empty card back, it is yours. If there is a significant amount of money on it then separately check the value using the phone/online system or another cashier.

There is one final scam which is enabled by the poor system design and there is not much that the customer can do about it.

  • The cashier selling the card has already noted the number and/or copied the card—if it is a bar code then a photocopy will do. They then spend the money on it before the legitimate owner. This is quite common around Christmas because they know that the card is unlikely to be redeemed until the January sales. It is very hard to prove that you haven’t spent it yourself because the shop has records that you have.

The flaw in the system here is that there is no interaction with the real card like there is with a Chip-and-Pin credit card. For online transactions they use the scratch-off PIN to verify that you actually have the card but in the shop there is no similar verification if you are on the inside—i.e. staff.
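The customer-side checks described above (the number on the card and on every receipt matches the one written in the gift wallet, and the balance reconciles from one receipt to the next) can be written down as a small audit. This is an added example, not part of the original post; the `Receipt` record, the card numbers and the amounts are constructed for illustration. A gap between two receipts is how spending from a copied card would show up.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Receipt:
    receipt_number: str     # card number printed on the till receipt
    card_number: str        # number on the card actually handed to you
    spent: Decimal          # amount deducted (0 on the purchase receipt)
    balance_after: Decimal  # remaining balance printed on the receipt


def audit(wallet_number, receipts):
    """Check receipts (purchase first) against the number written in the wallet.

    Returns (receipt index, finding) pairs; an empty list means every check passed.
    """
    findings = []
    previous_balance = None
    for i, r in enumerate(receipts):
        if r.receipt_number != wallet_number:
            findings.append((i, "receipt is for a different card"))
        if r.card_number != wallet_number:
            findings.append((i, "card handed over is not the original"))
        if previous_balance is not None:
            # Balance the central system held just before this transaction.
            balance_before = r.balance_after + r.spent
            if balance_before != previous_balance:
                gap = previous_balance - balance_before
                findings.append((i, f"{gap} unaccounted for since the last receipt"))
        previous_balance = r.balance_after
    return findings


# Constructed sample data: the card numbers and amounts are invented.
CARD, OTHER, D = "6000-0000-0000-0001", "6000-0000-0000-0002", Decimal
clean = [Receipt(CARD, CARD, D("0"), D("50.00")),
         Receipt(CARD, CARD, D("20.00"), D("30.00")),
         Receipt(CARD, CARD, D("30.00"), D("0.00"))]
switched = [Receipt(CARD, CARD, D("0"), D("50.00")),
            Receipt(CARD, OTHER, D("20.00"), D("30.00"))]  # different card returned
drained = [Receipt(CARD, CARD, D("0"), D("50.00")),
           Receipt(CARD, CARD, D("10.00"), D("5.00"))]     # 35.00 gone in between

if __name__ == "__main__":
    for name, history in (("clean", clean), ("switched", switched), ("drained", drained)):
        print(name, audit(CARD, history))
```

The audit can only report the missing value after the fact; it cannot show who spent it, which is the limitation the post describes.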

These observations were made on one brand (the M&S store card) but I am not picking on that one in particular because they all have similar problems. Perhaps there are some with real security but I haven’t seen one. These are being treated like real money, they are already as vulnerable as cash because there is no recovery if they are lost, yet the value can be spirited away from you without you even knowing.

Goat to Jail

19 Jan 2010 13:09 by Rick

Would all you people stop using unpatched versions of Google Chrome, my office is filling up with goats.

The Riddle of the Pyramids

17 Jan 2010 15:07 by Rick

…or The Pharaoh’s Puzzle.

This is a puzzle that was given to me at Christmas because it is known that “I like that sort of thing” and the owner couldn’t solve it! I am not surprised. I am coming to the conclusion that it is not soluble. Not that it has no solution, because I suspect that it does, just that there is no rational way to come up with a solution and doing it randomly would take many lifetimes.

The puzzle contains 100 equilateral triangles each brightly coloured using six basic colours (red, orange, yellow, green, purple and pink). The combination of colours and their pattern around the circumference of each triangle differs from piece to piece. All six colours appear on each piece and except for 18 duplicates, they are each unique.

The object of the puzzle is to use all the 100 pieces and build a large equilateral triangle with a base of 45cms (10 pieces). Other than the colours there are no deliberate distinguishing marks on the pieces so there is no way to tell edges from insides. The interior circles on each piece are identical. So mathematics tells us that there are 100! (100 factorial) different arrangements of pieces – that is about 10 ^ 158 or 1 with 158 zeros following. Clearly some pattern matching reduces this considerably as bad matches are eliminated but using the best algorithm I could come up with and the fastest computer available I could not reduce the time required to solve it to within my lifetime or even this millennium. The only other feature I could extract from the pieces was that there were 20 edges (pairs of colours) that didn’t have a corresponding edge to match up with so must occur on the outside; but which of the occurrences of those edges they actually are is anybody’s guess.

So…do you know this puzzle and do you have a solution or even insight to a better method? If so I would like to hear from you. The publishers, “Brand Makers International Ltd” of Kirby Muxloe seem to be out of business.

[Update] I realise that my description wasn’t good enough as a couple of people have written to say that they didn’t understand what the problem was. So I have scanned a few of the pieces so you can see how they have to fit together—colour matching to colour. Do that 100 times and you are done.

The last cheque is in the post

17 Dec 2009 10:17 by Rick

I have written before about why cheques should not be allowed to die and yesterday there was an announcement that they are to be phased out by 2018. They say “but only if adequate alternatives are developed” but by what and whose criteria? The committee is mostly made up of bankers and we all know whose interests they will be looking after.

We were wondering, while walking across the downs last night, if it is actually possible for cheques to be discontinued. After all, a cheque is only a signed letter from you to your bank to make a transfer; either to a named individual if the cheque is crossed or in cash to bearer. The banks issue fancy forms pre-printed with your name, account number and other details but you don’t have to use them. As A. P. Herbert demonstrated, a cheque can be written on anything so long as it contains the essential ingredients—information to identify the account (the bank and account name or number), validation of authority to make the transaction (signature), an amount, a date and a payee.

Of course you can take this a step further and remember that bank notes are only a specialised form of cheque. It is a letter from the chief cashier of the Bank of England at the time to credit you with a certain sum of money. When invented this meant gold but I am not exactly sure what it means now.

Footnote: it is also funny to notice that bank notes now have a copyright notice “©The governor and company of the Bank of England 2000.” Not only is that unnecessary as there are other laws forbidding uttering (forgery) but copyright law doesn’t even need it. Perhaps it is to dissuade Johnny Foreigner from photocopying a stash.

Wot! No page 3?

9 Dec 2009 08:59 by Rick

It was a clever ad – but it no longer exists!

Dedication

26 Nov 2009 16:51 by Rick

I have just been listening to an episode of Open Book (BBC Radio 4) in the car on the way home and they were talking about the dedications you find in most books before the preface and how revealing they can be. A very public expression of often very private thoughts. I was reminded that a book that I have just finished had something similar, yet different. The novel “Fatal Voyage” by Kathy Reichs has quite a normal dedication but the copyright is assigned to ©2001 Temperance Brennan L.P. Unless you know her books you may not realise, but Tempe Brennan is the principal character in a lot of these novels so what is the author saying here—and, if it came to a dispute, could the copyright be upheld?

Beware the Facebook Bikini Girl

24 Nov 2009 08:48 by Rick

This is one for the boys—not. We have discovered that it is mostly the girls who are caught up by the Farmville type scams but this time it is the boys using Facebook that have to look out. There is a very sophisticated worm about (a worm is like a virus but crawls through web sites rather than directly between PCs). If you see someone’s profile picture has become a rather curvaceous girl in a Bikini then *don’t* click on it. If you do, then three things will happen. First you will be taken to a web site which contains rather a lot of porn. Secondly, that web site will download a lot of nasty stuff to your computer such as programs that steal account details. Thirdly, your profile will be changed to include this picture so as to attract other mugs victims. I said sophisticated at the start because it uses a lot of different techniques to trap you, from the initial social engineering making you think with the wrong part of your body through to clickjacking which is a page layout technique where you think you are clicking on something innocent (ha!) but actually saying yes to something important hidden underneath. As Roger Thompson says in a parody of Trooper Truth, “Keep safe, folks.”

Typical Farmville scam

12 Nov 2009 12:14 by Rick

If you are not aware of it, Farmville is one of the many addictive games that are available in Facebook. It is not the only culprit in these deceptive marketing techniques but among the best known. What you also need to know is that the lure is the internal currency used in the game. There is a thriving market in this to rival some minor real world currencies. For those that refuse to part with actual cash to buy the stuff then they try these sub-games.

Take the Farm IQ Quiz! test your knowledge of farming with the Farm IQ Quiz! How much do you really know about crops and farms? Take the quiz and find out today! No credit card needed to receive Farm Cash withing minutes.

At the end it says “Farm Cash awarded after the submission of a valid mobile number and PIN confirmation.” What they don’t say anywhere obvious is that sending this PIN number back to them as “confirmation” subscribes you to a mobile service which will cost you $9.99 US per month (there may be different versions in the UK). This is only one variation that makes Farmville and its associates part of a multi-million dollar business and as a side effect, the advertising boosts the profits of Facebook. They don’t have the muscle to stop it but, when there is this benefit, why should they bother?

Thanks to SunBelt for the lead and TechCrunch for the detail.

Cold Call PC repair

10 Nov 2009 12:33 by Rick

I just had a “Help desk” call from a friend who relayed a phone call he had received earlier this morning. The caller knew his name and address (and obviously his phone number) and then went on to say that his PC was running slow and was having problems and they could fix it for him. To demonstrate they asked him to open Start==>Run and type “eventvwr” which would open a window, then click on “System” and he would see a lot of yellow triangle warnings and red cross errors which showed that there were problems. They then said that they could fix it remotely but the conversation never got far enough to say how as he became too suspicious.

On further questioning, during which he was passed between three different people, he discovered that the company was called SupportOnClick in India at www.supportonclick.com and could be reached at a UK number in Bradford 01274 900834. This looks like a legitimate web site for a PC support company which works in America, Britain, Australia and NZ and I suspect that the next stage of the call would be a connection via Remote Desktop and they would do something innocuous and then try to sell you a contract for three years.

I don’t suspect that this was a criminal scam, either obtaining personal bank details or infecting your PC with malware but the methods are certainly deceptive—the mechanism they used to “demonstrate” that there were problems will always show some errors. It is useful for diagnosing problems but not worrying of itself. I suspect that they are just working down an electoral roll or some other mailing list; the majority of people they call will have a PC these days. Doing a web search I find that some people are not so lenient and, as they seem to use other deceptions like passing themselves off as from Microsoft or your ISP then perhaps it is more sinister and they are trying to sell bogus AntiVirus software after all.

Lego, but no soul?

6 Nov 2009 14:13 by Rick

xkcd cartoon

With thanks to xkcd.
