EasyCard system question

So I have this ongoing disagreement with a (foreign) engineer friend of mine.
I say that the EasyCard readers on the buses store all the data from the day’s activity and then dumpload when they go back to the garage at night.
He’s convinced that all activity is transmitted wirelessly to a central DBA installation as it happens.
That seems to me like way more system than the infrastructure would be able to handle.
Anyone know for sure?

Recently I took a bus to Yangmingshan from Jiantan. The red light above the door had the “shang” symbol to pay as you board. So I swiped my card and went up to Yangmingshan to go hiking. It started raining, really it started pouring, so I went to the bus station to wait for the next bus. After about 30 minutes a bus finally came and picked me up. I swiped my card and it didn’t work. Some alert came up in Chinese. I tried swiping again but it wasn’t working. The bus driver started yelling at me in Chinese and I had no idea what he was saying. That morning I put 500 nt on it, so I know there was money on the card. He kept on saying no and told me that it would be 150 nt to take the bus back to Taipei. I couldn’t believe it, 150 to take the bus when its only like 20 nt with the card? I argued with him for a bit and finally he lowered it to 100. I was later told that when you take the bus sometimes you have to swipe the card twice. I don’t understand this though, there are no signs or nothing to tell you when you are supposed to swipe the card twice. Easycard? More like MAFAN CARD.

On some buses I think you have to swipe both when you get on and when you get off. Otherwise the card gets “locked” if you don’t swipe it the second time. I don’t know how true that is, but on the Banqiao Jilong bus 1032, there’s a sign saying that in Chinese. So just because your card becomes locked doesn’t necessarily mean that the bus is communicating with it’s base in real-time.

You guys have some pretty exciting conversations out there in Tucheng, the chief. Sorry, I don’t know the answer to your question, but I would think that you’re right about not transmitting the information wirelessly in real-time.

Well it’s either transmitted wirelessly, or it’s stored on the card. Either way, your next mode of transport is already aware of any other journeys you’ve just made.

That’s why, when you transfer from bus to MRT, or vice versa, you get a discount.

Depending the distance you go, you have two swipe one or two times … because the machine doesn’t know when you came or left the bus … it’s more for out-city buses … in the past it worked the same way, just manual … the driver gave you this card or not that you had to return when leaving the bus so the driver had an idea where you came on …

And as the machine is programmed on buses to only take of one fixed amount, depending on what card you have (elderly, soldiers, students), you have to swipe one or two times … it gets more complicated tho when you change from MRT to bus, than you get a reduced tariff deducted … changing from bus to MRT does the opposite I believe … although you need to change within 30 minutes or so …

Anyways, about the data dumping, what would be the advantage of doing it real time and wireless? It would need a WIFI or phone connection in each bus, if WIFI it’s open to hacking and the transportation company needs to build terminals on each bus stop …

All way to complicated and expensive, unsecured …

I don’t know for a 100% but it’s probably dumped at termination of the route every day … it’s also possible that they have put some infrastructure for wireless data transfer on specific points on route, but not real time on all stops

It’s a smartcard, it stores all the information until it’s data is requested from a data terminal, than changed and saved again for use on the next terminal …

[quote=“the chief”]So I have this ongoing disagreement with a (foreign) engineer friend of mine.
I say that the EasyCard readers on the buses store all the data from the day’s activity and then dumpload when they go back to the garage at night.
He’s convinced that all activity is transmitted wirelessly to a central DBA installation as it happens.
That seems to me like way more system than the infrastructure would be able to handle.
Anyone know for sure?[/quote]
Jeez. SLOW day out at the nature preserve? The answer is pretty fucking obvious, though – its magic. Them endangered dioxins be messin’ with your heed, bro’.

events.ccc.de/congress/2010/Fahr … sycard.pdf

It appears data imprint occurs with each transaction and info is stored on the card. Value change occurs at recharging of the card and with each use.

Fraud appears to be possible. I do hope they have upped the security.

That’s not the problem … it’s about all transaction data for a whole day … is it stored in the terminal for data dump at the end of a shift or is it real time data transfer, wireless …

NO real time contact with HQ. Transactions recorded on your card ONLY and only as an adjustment of the remaining value.The VALUE is adjusted each time you use a ADD Value machine or have Value added by the station EasyCArd attendants or use the card.

Picture this scenario:

You buy easy card for 500nt and get 400nt stored value. YOu go everywhere on the MRT, buses, buy things etc and get down to 100nt. YOu visit a kiosk at a MRT station and add 300nt to your card increasing its value back to 400nt.

Your card instantly deducts its remaining value as a data transfer occurs between your card and a value decreasing action, such as taking an MRT ride. The card deductor machine only needs to read your current value and deduct the amount for the ride. The VALUE remaining on the card is the over-riding element, the master data.

Its the same as a person starting out with 400nt and paying for rides and merchandise and having the money subtracted. NO record likely exists for the whole list of transactions. I think the remaining value is the only “master” data if you will. And when you add value at a machine or with an attendant (who uses a machine to add value) the card store value is increased accordingly but no data dump of where the card has been occurs. That is no master download of activity occurs.

I may be wrong tho. Wont be the first time :slight_smile:

Since this is a relatively recent paper you posted, I think EasyCard is not very safe…

Seems my my compatriot doesn’t think highly of those who implemented EasyCard, and those who made the decision to use it as general payment recently - however convenient it is for us:

[quote]- Using MIFARE classic or any RFID system based on
security by obscurity is irresponsible

  • Extending a MIFARE classic based public transport
    payment system to general payment system in the year
    2010 is nothing but ignorant, clueless and a sign of gross
    negligence

  • Government regulartors should mandate the use of
    publicly and independently audited and reviewed security
    technology. Security by obscurity is not an answer to any
    problem.
    [/quote]

Of course it is … but the data taken from your card … is this sent by wireless or transferred at the and of the day in one block … jeez, it’s not that difficult to understand …

tommy, one thing to keep in mind is how the bus drivers may be compensated. I think the bus companies need to know how many riders took each bus each day. The question is, how/when is this data transmitted?

the chief, have you tried asking one of the bus drivers? :slight_smile:

[quote=“scomargo”]tommy, one thing to keep in mind is how the bus drivers may be compensated. I think the bus companies need to know how many riders took each bus each day. The question is, how/when is this data transmitted?

the chief, have you tried asking one of the bus drivers? :slight_smile:[/quote]

Yeah, this is what I was getting at, I understand that card data is carried on the card.
But the bus’s own data, didn’t they used to say that the bus drivers got paid depending on how many runs and how many passengers?
And I’m with pie on sincerely doubting that each freakin bus carries transmission capability, let alone that there’s some type of central receiving and databasing station gathering wireless transmission from the billions of buses out there.
Also remember the buses belong to like 40 different companies or more, so centralizing the data acquisition just got 500 times harder.

Oh, and ask a bus driver??? :roflmao:
Yeah right, took me a fuckin hour to figure out how to ask this question in fuckin English, man…
:noway:

[quote=“the chief”][quote=“scomargo”]
the chief, have you tried asking one of the bus drivers? :slight_smile:[/quote]

Oh, and ask a bus driver??? :roflmao:
Yeah right, took me a fuckin hour to figure out how to ask this question in fuckin English, man…
:noway:[/quote]
Yeah, and even after that hour-long brainstorm, you still managed to confuse tommy. :doh:

He lives in the US but has no clue when it comes to questions in English …

:roflmao: Ahem. Its not hard to confuse tommy. I am certain I have bought the London bridge several times already. But here is the tommy simplified view of the Easy Card (it may be somewhat true, somewhat untrue, wholly untrue, wholly true or have zero relations to the genuine EasyCard). Of course my entire EasyCard experience runs a total of two weeks during 2009 while in Taipei.

I did discover it to be generally reliable and I personally did not encounter any problems that were card based. Many problems that were humanoid based though. Like me paying twice because i swiped the card twice when disembarking a bus when I only needed to do it once for example.

My complete guess of how this whole shebang hums:

  1. The card is capable of storing huge amounts of data, probably millions of bits of data in the form of one line code. Each line of code being a single transaction basically consisting of adding or subtracting value. The subtraction of value occurs by a value subtracting machine , if you will that calculates how much needs to be subtracted based on the previous entry on the card.

Example: YOu take a bus and swipe your card ,the machine on the bus reads your current value and deducts the price of the bus ride (the machine on the bus has a memory of how much value it has skimmed off all cards and this data is likely downloaded run by run or at the end of the workday at bus HQ for that line). When you got off the bus a notation or one line of code was imprinted on your card’s memory electronically. You then enter a MRT station. The station reader notes where you entered the station and notes your current stored value in NT dollar amount and also notes that you just came off a bus and paid X dollars for that ride.

When you exit at the station that you wished to leave the MRT from another machine reads your last transaction (where you entered the station) and also noted the prior bus journey and then deducts a set dollar value electronically from your card. The MRT machine records the value earned from you for this ride. Could be all MRT stations electronically transfer moneys earned on a real time basis as all of those value deducting machines are land based and could be hard wired into the master system. So data could be processed on a real time basis because they are hard wired and not wireless.

You then enter a 7/11 and buy 2 items which are electronically deducted from the stored value on your card. Two lines of code are imprinted on your card’s memory for the two items purchased. The 7/11 computer notes the card has value and deducts the required amount and stores it in the stores databank and perhaps prints out a weekly or daily or monthly statement to be presented to the EasyCard Corp for payment.

Your card itself may have the ability to store myriads of transactions but unlike a credit card is not required to give you a monthly statement? In fact your card does not have your name on it or is linked to any credit cards as I understand it. They could imprint a name on a card and also link it to a credit card in the future should they wish to do so, if they havent already.

There are godzillions of bits of info stored on the 18 or so million EasyCards but most likely not much of that info is mined for content.

Since the cards are anonymous it could be just up to the individual user to monitor his card usuage , or approximate usage. Each value deducting machine probably has the ability to print out its total “take” . But I doubt this is in real time in most cases, outside of the MRT (which could be as it could be hardwired).

The apt complex I live in has two laundry rooms and one of those rooms has a value add machine to add value to your laundry card (1.50 for a wash, 1.00 for each dry on the dryer). You put in your laundry card, put in your credit card, punch in the desired value (10, 20, 30, 40) and you can hear the machine communicating as there are sounds made like what a fax machine makes. After your credit card is charged for the value you wish to add the money is added to your laundry card. This process is not very quick. Therefore I doubt if value deducting machines are transmitting data on a real time basis (again outside of possibly MRT stations).

From the paper I found it appears the writer believes the system as it is to be corruptible by fraudulent “reading” of the code on your card and the ability to “add” phantom funds. And the writer states that a real time check with HQ for each transaction would be more safe , rather then having data stored on the card. But this would require each machine to real time transmit and correlate data with HQ.

Something I do not believe is happening.

Me thinks perhaps the govt is being overly ambitious. Since there are so many hackers hacking into very well protected online sites, there must exist many people who could effect fraud on the EasyCard.

Perhaps the EasyCard should only be limited to use on public transport and be limited to a stored value not to exceed 1000nt for example.

The cards are available with 1024 or 4096 bytes total. No huge amount at all… So unfortunately we have no idea still if or how the data collected by the readers in buses are transferred to any master database or whatever. We only know that no realtime sanity check is done. And yep, that seems stupid for a payment card system that is so well known to be hacked since years…

Edit: From the CCC presentation, we know that sectors 3 to 5 contain the transaction data records for purchases/rides. Each transaction is 16 bytes. 1K cards have 16 sectors, so each sector is 64 Bytes (assuming we have a 1K card), so a meager total of 12 Transactions can be stored inside the card.

The cards are available with 1024 or 4096 bytes total. No huge amount at all… So unfortunately we have no idea still if or how the data collected by the readers in buses are transferred to any master database or whatever. We only know that no realtime sanity check is done. And yep, that seems stupid for a payment card system that is so well known to be hacked since years…

Edit: From the CCC presentation, we know that sectors 3 to 5 contain the transaction data records for purchases/rides. Each transaction is 16 bytes. 1K cards have 16 sectors, so each sector is 64 Bytes (assuming we have a 1K card), so a meager total of 12 Transactions can be stored inside the card.[/quote]
In all MRT stations, there’s a machine where you can do various things to your EasyCard (add value, check value, etc.) and one of the functions is reviewing the last 6 transactions. I am a sad loser geek. I’ve done this many times.

From the actually-useful EasyCard website http://www.easycard.com.tw/english/use/index.asp:

[quote]1. EasyCard can be used for purchases of NT$1,000 or less at designated stores, to a maximum of NT$3,000 a day. The limit on individual transactions and accumulated daily amounts does not include payment of government fees, public services charges, miscellaneous school expenses, medical costs, transport services (including recreational services such as Gondola and bicycle rental), and parking fees and other government approved public service payments.
2. EasyCard can hold a disposable value of up to NT$10,000.
3. When making a transaction, check the balance of your EasyCard. If it is insufficient, add value to the EasyCard before making the transaction. If the EasyCard has not been used for two years or more, value must be added to reactivate the card so that it can be used again. If you no longer wish to use the EasyCard, you can apply for a refund of the deposit and remaining balance.
4. When using EasyCard for any transaction, the consumer should request a receipt (except for public transport services and parking) to ensure the correct sum has been deducted.
5. In the case of disputes involving non-delivery of goods or services paid for using EasyCard, the consumer may bring proof of purchase (the invoice, receipt or other proof of payment) and the EasyCard used to make payment to the EasyCard Corporation. The Corporation will refund payment following verification.

Check the balance on EasyCard

  1. Every time you use EasyCard in a transaction, a screen on the scanner unit will indicate the balance on the EasyCard.
  2. When using EasyCard to make a purchase at designated stores, the balance on the card will be indicated on the receipt.
  3. EasyCard Readers can be found at all Taipei Metro stations. This can show the previous six transactions and the balance of value. To use the EasyCard Reader, simply place your card over the sensor area.[/quote]

I use my EasyCard as an ATM card… no hassle, taken lots of places where I’d use an ATM card at home (taxi, subway, 7-11, McD’s, etc.), and much easier to top up. The average fee to make an ATM transaction with my US-based card is NT$400, so I strongly prefer taking out the max (usually NT$20k), putting NT$10k on my EasyCard, and putting most of the rest of the cash in my safe. I save a lot of money doing this instead of nickel-and-diming the ATM in 7-11.

By the way, I found a friendly, geeky person at the MRT Danshui information booth one day and I chatted with him about the EasyCard system (I was still dazzled by it, a few days into Taipei). He told me that the card readers in the MRT stations store data from the card and communicate with a central system every few minutes, so not quite real-time, but close. On buses, as some of you have surmised, the data is stored both on the card and in the reader on the bus. When the bus gets to the terminal at the end of the driver’s shift, the data is downloaded; from what I’ve seen, and how the boxes are mounted in the bus, I’d assume they are wireless. As for 7-11 and the like, they are wired to the central system and it’s much like credit-card processing; a transaction ID is recorded in the system at 7-11 which allows for transaction settlement later.

You can hack anything. There’s no way that a stored-value transit card can be made secure enough to deter even 95% of hackers without making it cost-ineffective. Basically, the system is trusting that the vast majority of people are honest. They probably do have some systems in place to attempt to catch strange data that might be evidence of tampering, but of course, they’re not going to talk about that publicly.

Fare evasion is nothing new, right? Where it gets trickier is using it for those NT$1000 transactions in the convenience store; I suppose they COULD lose a lot of money that way but if they did, they’d probably just eliminate that part of the program. Don’t screw it up for those of us who like it! :no-no: The only bummer for me is that MOS Burger doesn’t take it.

thanks juliaz. that should help clarify things. Now we all know more.

There are TWO types of machines on buses. One is the older-looking machine, which is larger and has a curve on the scanning surface. Those you scan once, for a single leg journey, or twice if its a two leg journey, etc. (it seems on all bus routes the run is broken up into sections, so if you go from one section to the next, you incur another leg, basically you pay the fare twice). Keep in mind that this machine only beeps once you scan it! Obviously this is a bit tedious for longer distance buses, so there is machine number 2:

This machine looks newer, it is smaller than the first machine, and the scanning surface is nearly flat (there are no curvature that you can see on it). When you scan this machine, it will say “Normal/Student/Senior card getting on the bus” in Chinese! You must scan once when you get on, and scan again when you get off. It knows where the bus is (probably via GPS) so it deducts the appropriate amount if the distance exceeds the amount it initially deducted (15 NT for regular, 12 for student, and 7 for senior). Obviously if you only went like the distance for a single leg journey, no amount will be deducted once you scan the card when leaving the bus. Once you scan the card when leaving the bus, it will say “Normal/Student/Senior card leaving the bus” in Chinese!

When entering the bus the machine will say “Pu tong/shua sheng/ ching lao ka shan che” once you scan it.
When leaving the bus the machine will say “Pu tong/shua sheng/ ching lao ka xia che” once you scan it.

In summary: If you scan your easy card when entering the bus, and the machine talks, You must scan it again once you get off the bus!
If you scan your easy card when entering the bus, and the machine only makes a “beep” sound, do not scan it again when leaving the bus unless you like being charged again. If you have to scan again due to entering into a second tariff zone, the bus driver will tell you to do so.

Honestly, Germany should start using the RFID tag thing, because fare dodging is much easier there, since there are no gates/checks when you enter a U Bahn or train station! Instead a uniformed/non-uniformed train officers will conduct random checks on the train for tickets, and the fine for not having one is 40 euros. I don’t think that would work in Taiwan though because everyone would simply dodge fares and claim that they didn’t know they had to buy a ticket.

Scan once:

Scan once when entering, once again when leaving: