Changed to EE as it doesn't really have any PIC info

>When someone remits their card, look at the date.  If it's
>expired, reject or eat the card and display "EXPIRED".

I think you will find that you always want to eat the card, and never return
it. Any cards left in the hands of the consuming public will be food for the
hackers out there to try and crack your system, by letting them have codes
they can identify and try to match. Sure the same applies to any card that
is distributed, but any unexpired cards will generally have some sort of
attempt at use. You should try and limit the number of cards that a cracker
can get hold of by retaining them in the machine.

The next question becomes how you are going to encode the card. Any sort of
barcode is fair game to some sort of photocopy attempt. You can limit this
by using colours that won't photocopy well, but I suspect that many of the
modern colour "all in one" scanner/printer units would make short work of
that scheme. A possibility may be to have bar codes on both sides, which
need to printed so that the registration between them needs to be reasonably
exact, which should limit the duplication by most photocopy methods, but may
give you hassles in the production of cards.

This then leads you to some form of RFID system as being the least hackable
method. If worked right, it should be possible to make the cards so that
they are reusable after they are reclaimed from the machine, thereby
defraying to some degree the extra cost of the cards.

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics