New Project: Digital Knucklebuster

 I’ve been doing more craft shows recently, and if there’s one thing I really, really hate about them it’s dealing with a knucklebuster. For the uninitiated, a knucklebuster is the little manual credit card imprinter you use when you don’t have access to an electronic terminal. They use pfizer viagra cheap carbonless paper to make a physical imprint of the raised numbers on the card. They’re tedious to use and I hate them.

There are a number of products commercially available which use cell phone service to provide a modern mag-strip reader and processor. The problem with these is that they’re pretty expensive for someone who only does a handful of shows a year. The hardware costs around $1000 and there’s an associated monthly fee. Sometimes there’s even a gateway fee on top of that, so by the time you add in your credit card processor you’re looking at a 6-10% discount plus about $50 a month in fees. Gross.

The plan is to build a digital knucklebuster. Something which makes the credit card swiping process a little less painful. There are two main requirements: it must be battery powered as electricity is generally an expensive add-on at shows (if available at all) and it must not require cell phone or internet signal. I have a knack for doing shows in buildings with no reception. I’ll still have to take the receipts home and process them, but hopefully it will be less tedious.

The two main components to the project are a magstripe reader and a thermal receipt printer. I found the magstripe reader at allelectronics and a cheap battery powered thermal receipt printer on eBay. I plan to run the whole thing off an Arduino and put it in a nice looking enclosure. No one wants to run their credit card on something that looks like a hacker made it.

I’ve also picked up a numeric keypad and small LCD display for entering in the transaction amount and any other important information. I’m on the fence as to whether I want to program in my products / prices and have the line items on the credit card slip. If not, I’ll have to write one for my records.

I haven’t done much work with serial devices, but I’ve found a couple good posts which should help me figure things out.
Tom Taylor wrote an Arduino sketch which takes web data and prints it on a thermal printer. I found a great tutorial for reading a magstripe reader with a Sanguino, so I’ll either adapt the code for Arudino use or just use a Sanguino. I haven’t figured out if I need the extra beefiness of the Sanguino.

For duplicity, I plan on storing the credit card number on an SD card, as well as printing it in a QR code on my copy of the receipt (the one they sign). While I’m not super-stoked about the level of security here, I feel it’s comparable to how I’m doing things now: carrying around a pouch full of credit card slips, each with the information imprinted on it.

There are a couple problems this project doesn’t address, plain old credit card fraud being the first of them. Just like with a knucklebuster, we’re not running the cards at the time of sale, so it’s entirely possible someone’s card could be declined when we run it later. There’s also something the knucklebuster provides which I’m not sure if this will: proof the card was present. Visa/Mastercard accept a knucklebuster receipt as proof of the card being present. They also consider a swiped card proof (but not a keyed one), but I’m not sure if that’s due to some of the data collected, or some other mystical check performed on auth. While chargebacks at craft shows are rare, they do happen.

I’ve started working with the printer, but haven’t gotten very far, so I’ll save that for the next post.

6 thoughts on “New Project: Digital Knucklebuster”

  1. My memories are vague on this, but I think there is data on the mag swipe strip that is not embossed on the card, so when you read that, you have a logical “card present” which is great for avoiding the MOTO fees.

  2. I haven’t, mostly due to not having an iPhone. But finding or writing a G1 app to use with this is on my list of things to check out once it’s built.

  3. To avoid transporting credit card info in the clear, especially something as easily duplicable as a QR code (which are admittedly slightly more obfuscated than direct imprints) you could simply XOR the card number with a 16-digit random string before encoding to QR. You could change the string per event, increment per swipe, whatever you like. It’s not cryptographically secure, but it’s not in the clear.

  4. This seems so obvious it’s probably stupid but why not just take a picture of the card? You could write down the amount and item on a “receipt”. Take a picture of both at the same time and then email your customers a copy if they wanted. This would give you physical proof that might be worth more than the carbon copy.

Leave a Reply

Your email address will not be published. Required fields are marked *