Ok so I thought it would be a good idea to wrap things up around this project now. I’ve been doing a lot more work on it now, perfecting the scripts and so on. I even wrote my own barcode program in Java (for fun), and bought a receipt printer so that I could perfect my proof-of-concept receipt.
I also got a new reply from Tomra about my questions, and it seems that they have been forwarding my email around in their company, and then forgot to remove their subject line when finally sending me an answer. And thus the subject was something like “A lot of spam from the same customer” … cute. But the answer I got was the same as usual, as in “We have a solution that has been working for a long time now that we believe in, so we can’t tell you more about it. Thank you for your interest”. Of course I understand their view on this, as it is a very expensive piece of machinery and not something they will just openly expose everything about to random people like me. I haven’t been able to find a store with this security yet, although I got a receipt a few days ago that indicates something unusual, so if I get the time for it, I might actually check that out as well, just for fun, and to see if there actually is some security.
The kind of security that I can imagine that they have, is some sort of control number on the receipt that is stored in a database and then removed from the database when the receipt is scanned by the cashier (I have seen some receipts with an expiration date of 2 months and such, which would indicate something like that). Of course this security will hold pretty ok, except if the store has one of those self checkouts, where the customer scans all the receipts themselves, since then you can try to have a bunch of receipts with you and try every time you shop, and if you are lucky there will be a matching receipt in the database (of course this will be extremely hard since the control number and amount of money on the receipt will probably have to match, and thus making this pretty meaningless to attempt).
My solution is actually similar to theirs, with the control number and everything, except that I have two approaches.
The first method is to do it like they probably have, as in having a control number and then have the machine add it to a database that the cash machines check when scanning the receipt.
But instead of using an EAN code, the receipt would have a QR code (which can store a lot more data than an EAN code can) that contains PGP encrypted data. The machine would have the public key and the cash machine would have the private one, and the data stored would be the amount of money and a control number.
The second solution is one where the machine does not have any contact to a database or any kind of network at all.
The receipt would still have a QR code with almost the same encrypted data, but it would also have the date when it was created, so that when it is scanned, it is added to the database then, instead of being removed at the time of scanning, and if the date has passed the expiration, it will not be added and be counted as invalid, and if it’s valid, it will be added and then kept for the time it is valid, and then removed by the system. This way the machine wont have to be connected all the time.
Anyway enough about that, so I actually bought 2 printers, one being an Epson TM-T88IV, and the second one a Star TSP100 ECO. I had a lot of trouble with the Epson one at first, so I bought the Star one since I read some pretty good reviews about it, and then it turned out that I had configured the Epson wrongly (I discovered this when I was playing around with the Star one, so I guess it was worth it in a way).
I will fix the Epson one a bit, clean it, add a driver DVD, make a short manual and add a cable for it (didn’t get a cable when I bought it).
And when I finish fixing it, I will try to sell it for a bit more than what I got it for (it was in bad shape when I got it, but it’s mostly fixed now).
The Star one that you can see below, was in really neat condition and works very well, so I will keep it for future projects.
So with this I printed out some example receipts first, to try the quality.
And then with my new barcode program and the updates that I made to the scripts, I could finally print a very good looking and authentic “fake” receipt! 🙂
As you can see on the fake one to the left, the barcode is a bit smaller, and this is due to me being a little bit lazy now at the end (The barcode program isn’t 100% finished yet, but I will fix it more later so that it can make the barcode a bit wider, but I don’t have much time for it right now).
I tried to scan the barcode on the fake one as well, just to make sure that it worked.
As you can see, the real one to the right is a bit old and the color is about to go away, but the strength of the color would be about the same as the fake one.
Do note that the “ink” and paper of the fake one, is the same as the real one, so it would be very hard to tell them apart in the store.
And with just a little bit more work, you could make them exactly identical, but I think I have made my point now, so I wont go into that.