Cashless payment system (RFID)

Hello,

We would like to offer a cashless payment system in our local bar by providing RFID chips with an amount of money on it. When the card is empty, it must be reloaded manual by hand (so there must be no automatic reload system).

  • I'm no expert but I've worked with arduino some years ago (I'm a network engineer).
  • I'm not sure if it's possible to store the balance on the card itself. Maybe it's safer on the server? Can the data on the chip (if possible) be encrypted, or is it? Not that familiar with RFID.
  • Is this whole idea even possible?

Thank you very much

Why not use regular Credit and Debit cards ?

I think you would have great difficulty making a system that is secure and which both you and the users can have confidence in.

Users could tamper with "value" stored on their device (in the privacy of their bedrooms) and you could tamper with "value" stored on the server.

...R

Sounds like a great idea!

I'm also no expert in arduino and particularly not in RFID but i'll put my thoughts up anyway!

  • I'm not sure if it's possible to store the balance on the card itself. Maybe it's safer on the server? Can the data on the chip (if possible) be encrypted, or is it? Not that familiar with RFID.

I'm pretty sure it depends on the RFID chip you use, I've seen some that are read/write, some that have been factory written and can't be changed (or at least not easily). I'm not sure how easy it is to corrupt one of the chips or damage it (and thus loose the persons money in this scenario) but I have had my access card at work fail before and it was never exposed to a room full of drunken men :P So my thoughts would be to go with have cards with unique ID's and then store any information about how much money is associated with each one on your PC/arduino system for reading and loading the cards. Advantages of this are that you are always aware of the money in the system (good for predicting spend etc. business stuff :P) and if your feeling clever you could quite easily record and develop some interesting statistics if you include a till of sorts, with your RFID reader, where you enter the products they are purchasing rather than just the number (business stuff again :P)

  • Is this whole idea even possible?

Certainly! - Will it be easy to develop a fast, reliable system? probably if you want to just keep it simple i.e. enter an amount to pay, read rfid, adjust associated balance.

would love to hear how this goes!

I'm not sure if it's possible to store the balance on the card itself.

There are many types of RFID cards. Some allow you to write to them. Others don't.

Storing the data on the server is better. If someone looses an RFID card without data, a new one can be issued, with no loss of credit. If the data is on the RFID card, loosing the card means loosing the credit linked to that card.

Finding such a card, with no data, could mean that the card is useless.

Is this whole idea even possible?

It is. It's not even that difficult. With the proper RFID cards and reader, that is.

I'm a network engineer

That will make the project easier.

Why not use regular Credit and Debit cards ?

I think you would have great difficulty making a system that is secure and which both you and the users can have confidence in.

Users could tamper with "value" stored on their device (in the privacy of their bedrooms) and you could tamper with "value" stored on the server.

...R

With local bar I mean 'youth club'. It's a place for friends to come and have fun together. A regular debit card system is to expensive (monthly cost) for us. At the moment we have this 'booze cards'. It's just a paper with 10 consumptions that they can buy. Everythime they drink/eat something, they get a stamp. We want to replace this with RFID cards.

About the value stored on the card; I Would like to store the value on the card AND on the Arduino (SD Card?). If the values don't mach, we will see a message so that we can investigate the issue. Also, the 'money' on the card will be very small. I Was thinking about a maximum of 20 euro. also, they can't tamper the value if I encrypt it?

Storing the data on the server is better. If someone looses an RFID card without data, a new one can be issued, with no loss of credit. If the data is on the RFID card, loosing the card means loosing the credit linked to that card.

Finding such a card, with no data, could mean that the card is useless.

We are going to tell our members that the data IS stored on the card and if they loose it the money on it WILL BE GONE. We are a small association with a limited amount of money. We don't want to be handing out new cards every week. It is their responsibility.

--

I Was Googling some RFID readers, but I'm not sture which one to use. Should I buy an USB Reader/Writer, or should I buy an Arduino RFID module?

About the RFID cards; the MIFARE Classic 1K should be able to store 1K of data, what should be enough for the balance on the card.

And last but not least; What Arduino do I need?

  • I need to be able to connect an LCD to it to see the current balance.
  • I Need to connect a keyboard (numeric + return key) to reload the card and the enter the price of the consumption.
  • I Need to save some data on the arduino (to match it with the data on a specific card). I Was thinking about an SD slot with an SD card, if possible.
  • An RFID Module, or an USB RFID (Read/Write).

Thank you

Usb would probably be easier.

With the shield you may have to write the reader code yourself. Its fairly complex, i would suggest not unless you are an experienced c programmer.

Mifare cards used to be used for oyster, there is a fair amount of security available but a lot of complex code writing to implement it.

If you use nfc you could use a central database to store the money, a copy could be put on the card so a smartphone app culd read how buch is left.

JenteJens: they can't tamper the value if I encrypt it?

They have the opportunity to take a lot more time in their bedroom trying to overcome the encryption compared to the time they will be in the club where you can monitor them.

Can you be sure a "full" card cannot be cloned without needing to know anything about the data on the card?

But the risk may not be any greater than with your paper system and a photocopier.

...R

Robin2: Can you be sure a "full" card cannot be cloned without needing to know anything about the data on the card?

...R

Yes. The Unique identifier is manufactured in and cannot be altered. Provided you keep a record of this no. its impossible.

Yes. The Unique identifier is manufactured in and cannot be altered. Provided you keep a record of this no. its impossible.

Thank you very much for this information. I Will order an USB RFID reader/writer and some Mifare 1K cards today to test the data storage capabilities and the security.

Provided you check the uid every time it should be bombproof.

Oyster cards on busses and trains do not have constant network access hence the need for complex encryption and authentication.

Door acess systems have used this method for donkeys years.

If you want nfc smartphone apps to read the balance mifare is a bad choice as it is incompatible with some of the chipsets used in the phones.

I do not see the need to write anything to the card for your application.

We don't want to be handing out new cards every week.

Require a deposit. Or, sell the cards. They need be nothing more than a key to a record in a database. There is no reason to store data on the card. Wave the card. The Arduino reads the tag value, looks up a value in a database, and authorizes, or not, a "sale". If not, collect some more money, wave the tag by a different RFID reader on a different Arduino, and have that one increment the value in the database for that tag, by the amount that you collected.

Require a deposit. Or, sell the cards. They need be nothing more than a key to a record in a database. There is no reason to store data on the card. Wave the card. The Arduino reads the tag value, looks up a value in a database, and authorizes, or not, a "sale". If not, collect some more money, wave the tag by a different RFID reader on a different Arduino, and have that one increment the value in the database for that tag, by the amount that you collected.

I Was thinking to do it with a master card. As soon as the master card is scanned, it will ask for the card to reload and the amount. That way a can only be reloaded when the master card (the one responsible) is in the building.

If you want nfc smartphone apps to read the balance mifare is a bad choice as it is incompatible with some of the chipsets used in the phones.

We don't need this, so I ordered the mifare cards.

When the hardware is deliverd, I will try with the balance on the card and on a central server. Thank you very much for the information so far.

I Was thinking to do it with a master card.

Two Arduinos with RFID readers makes the job much easier. Each has a dedicated role.

it will ask for the card to reload and the amount.

How? What user interface will you be presenting?

How? What user interface will you be presenting?

I Will attach an LCD and a numeric keyboard to the arduino.