Researchers at Secure Science Corporation have managed to break the ExpressPay system used at FedEx Kinko’s stores which is provided by enTrac. The cards are write protected using a 3 byte security code. You can sniff this data using a logic analyzer and then use the code to write any data you want to the card since it is unencrypted. The security code is the same across all cards. FedEx Kinko’s stated that the article is inaccurate, so Lance James and Strom Carlson made a video of themselves doing the hack in the store: They put $1.00 on a card at the kiosk and then use it to log into a computer and show the balance of $1.00. They logout and use a separate laptop and card reader/writer to change the balance to $50.00 and modify the serial number. Next they use the card to log back into a computer and show the balance of $50.00. They let one minute pass so that $0.20 is charge to the card. Finally they logout and use the self-service kiosk to print out a receipt showing their balance of $49.80 with the fake serial number. At this point the attacker can take the card to the service counter and ask for the balance in cash.
[thanks Sith from Midnight Research Labs]
[fix: I had originally stated they bought a new card at the kiosk]