Recent reports describe a success in extracting the state of Mondex card. This state could be loaded into other multiple Mondex cards thus duplicating the money, in close analogy to duplicating paper bills. I do not know the protocol used by Mondex but I speculate here about possible protocol counter measures that Mondex could take and about counter counter measures etc. The notes below apply to any smart card that does off-line stored-value. (Visa has announced a stored-value card but I don’t know if it is off-line. 2015: I think that “Visa Cash card” once referred to an off-line card but now refers to an on-line card.)

Mondex cards currently handle several currencies. The current cards handle up to five. They recognize many more but can store a positive amount for at most five at a time. The Mondex card will not do currency conversion.

An obvious partial counter to the threat of duplicating the card is to mint more than one, perhaps many, currencies. Lets call one of these currencies a series as in when the US mint produces a series of bills. The card would not disclose the breakdown into these series. The Mondex card would convert between currencies to avoid exceeding its storage. The series Id would be retained as Mondex money was transferred between Mondex cards. Alternatively the card could demand to call home when the number of series exceeded the capacity of the card. In this scheme only one or a few of the series would need to be repudiated instead of all of the Mondex money.

When the Mondex card issuer has reason to believe that there is bogus money in some series it can repudiate that series or at least require that that series must be converted to another series under special, non anonymous circumstances. It is not clear how to reach off line cards to inform them of the repudiation. A contagion algorithm might work.

There are many design parameters here. Keeping the design parameters secret gives temporary protection. A further danger it that breaking a card once may not keep it from accepting new a series and corrupting them as fast as they are introduced.

I don’t know whether multiple series is a viable game or business strategy.

There are other issuer strategies such as marking as marking the money as it passes thru cards. This gives extra information to the sleuth but further issuer strategies are not clear to me.

There may be solid strategies that I have not thought of. Mondex can not count in keeping those secret. It would seem better for Mondex and Mondex card issuers, if counter counterfeit strategies were disclosed for review by amateur paranoids before there were billions at stake.

Summary of the Game

It seems to me that this must be likened to a game. The strategies that I have thought of require the card issuer to be prepared to occasionally repudiate some of the e-cash just as bogus paper bills are sometimes repudiated (declared counterfeit). Alternatively certain strains of money may be recalled on short notice, redeemed, and retired. This involves redeeming some counterfeit e-cash and stiffing some legitimate card users, for there is no way to detect which money is bogus, even in the lab.

I have thought a few moves ahead. The game is asymmetrical and so one side or the other may have a significant advantage. The payoff, however, is distinctly in favor of the crook.

On Line Protocols

Technologies such as Metricom and Ricochet modems make the cost penalty of online protocols very small. Even the street vendor can be online. Online protocols have none of the above problems. If an on-line card is broken the loss is at most the amount on the card, just like a lost real wallet with only real cash.

Sociology

There are few areas in which I am less equipped to speak but here goes. I think that the fact that I am seldom burgled, despite the relative insecurity of the locks on my doors at home has more to do with our society than our police departments.

Tools to break smart cards might come to be like burglar tools. Burglar tools still exist and are in use but they are dangerous to carry around (when the police find you with them). The tools to break smart cards, however, already have legitimate homes in many organizations and need not be carried around. Perhaps it is feasible to lock them up. Incentives, however, don’t work well here. The owner of the tool, who is in a position to lock up the tool, is unlikely to have a direct financial stake. If the tool is abused the tool owner is unlikely to be traced except by tracing the tool user. Such tools are presumably part of certain engineering courses. In such environments it is very hard to monitor usage of the tool.

Physical Form Factors

Here is another area where I have no expertise but an opinion, none the less. I think that the Ring or Watch may provide a much better shape in which to include tamperproof logic. The thinness of a smart card defeats many tamperproof techniques. One millimeter for armor, logic, substrate and then more armor just doesn’t seem like enough. Also it has too high a surface to volume ratio.