This is an old revision of this page, as edited by Nuts240 (talk | contribs) at 03:41, 30 August 2022 (→Magnetic stripe card: IBM: more work needed). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
The term digital card can refer to a physical item, such as a memory card on a camera, or, increasingly since 2017, to the digital content hosted as a virtual card or cloud card, as a digital virtual representation of a physical card. They share a common purpose: Identity Management, Credit card, or Debit card. A non-physical digital card, unlike a magnetic stripe card, can emulate (imitate) any kind of card. Other common uses include loyalty cards and health insurance cards; a physical driver's license and Social Security card are still mandated by some government agencies.
Digital cards are usually stored on a smartphone or a smartwatch. Therefore, content from the card's issuer can be transmitted (via Internet) and displayed, such as discounts, news updates, store locations, coupons, etc.
History
Magnetic recording on steel tape and wire was invented by Valdemar Poulsen in Denmark around 1900 for recording audio. In the 1950s, magnetic recording of digital computer data on plastic tape coated with iron oxide was invented. In 1960, IBM used the magnetic tape idea to develop a reliable way of securing magnetic stripes to plastic cards, under a contract with the US government for a security system. A number of International Organization for Standardization standards, ISO/IEC 7810, ISO/IEC 7811, ISO/IEC 7812, ISO/IEC 7813, ISO 8583, and ISO/IEC 4909, now define the physical properties of the card, including size, flexibility, location of the magstripe, magnetic characteristics, and data formats. They also provide the standards for financial cards, including the allocation of card number ranges to different card issuing institutions.
In 1960 IBM used the magnetic tape to develop a reliable way of securing magnetic stripes to plastic cards, the most common identification and payment method to date. As technological progress emerged in the form of highly capable and always carried smartphones, handhelds and smartwatches, the term "digital card" was introduced.
On May 26, 2011, Google released its own version of a cloud-hosted Google Wallet which contains digital cards: cards that can be created online without having to have a plastic card in the first place, although all of its merchants currently issue both plastic and digital cards. There are several virtual card issuing companies located in different geographical regions, such as DiviPay in Australia and Privacy in the USA.
Magnetic stripe card
A magnetic stripe card is a type of card capable of storing data by storing it on magnetic material attached to a plastic card. A computer device can update the card's content. The magnetic stripe is read by swiping it past a magnetic reading head. Magnetic stripe cards are commonly used in credit cards, identity cards, and transportation tickets. They may also contain an RFID tag, a transponder device and/or a microchip mostly used for access control or electronic payment.
Magnetic storage
Magnetic storage was known from World War II and computer data storage in the 1950s.
In 1969 an IBM engineer had the idea of attaching a piece of magnetic tape, the predominant storage medium at the time, to a plastic card base. He tried, but the attempts produced unacceptable results: the tape strip either warped or its characteristics were negatively affected by the adhesive. After a frustrating day in the laboratory, trying to get the right adhesive, he came home with several pieces of magnetic tape and several plastic cards. As he entered his home his wife was ironing clothing. When he explained the source of his frustration, the inability to get the tape to "stick" to the plastic in a way that would work, she suggested that he use the iron to melt the stripe on. He tried it and it worked. The heat of the iron was just high enough to bond the tape to the card.
Incremental improvements from 1969 through 1973 enabled developing and selling implementations of what became known as the UPC. This engineering effort resulted in IBM producing the first magnetic striped plastic credit and ID cards used by banks, insurance companies, hospitals and many others.
Initial customers included banks, insurance companies and hospitals, who provided IBM with raw plastic cards preprinted with their logos, contact information and the data which was to be encoded and embossed on the cards. Manufacturing involved attaching the magnetic stripe to the preprinted plastic cards using the hot stamping process developed by IBM.
IBM’s development work, begun in 1969, still needed more work.
Further developments and encoding standards
There were a number of steps required to convert the magnetic striped media into an industry acceptable device. These steps included:
- Creating the international standards for stripe record content, including which information, in what format, and using which defining codes.
- Field testing the proposed device and standards for market acceptance.
- Developing the manufacturing steps needed to mass-produce the large number of cards required.
- Adding stripe issue and acceptance capabilities to available equipment.
These steps were initially managed by Jerome Svigals of the Advanced Systems Division of IBM, Los Gatos, California, from 1966 to 1975.
In most magnetic stripe cards, the magnetic stripe is contained in a plastic-like film. The magnetic stripe is located 0.223 inches (5.66 mm) from the edge of the card, and is 0.375 inches (9.52 mm) wide. The magnetic stripe contains three tracks, each 0.110 inches (2.79 mm) wide. Tracks one and three are typically recorded at 210 bits per inch (8.27 bits per mm), while track two typically has a recording density of 75 bits per inch (2.95 bits per mm). Each track can either contain 7-bit alphanumeric characters, or 5-bit numeric characters. Track 1 standards were created by the airlines industry (IATA). Track 2 standards were created by the banking industry (ABA). Track 3 standards were created by the thrift-savings industry.
Magstripes following these specifications can typically be read by most point-of-sale hardware, which are simply general-purpose computers that can be programmed to perform specific tasks. Examples of cards adhering to these standards include ATM cards, bank cards (credit and debit cards including Visa and MasterCard), gift cards, loyalty cards, driver's licenses, telephone cards, membership cards, electronic benefit transfer cards (e.g. food stamps), and nearly any application in which value or secure information is not stored on the card itself. Many video game and amusement centers now use debit card systems based on magnetic stripe cards.
Magnetic stripe cloning can be detected by the implementation of magnetic card reader heads and firmware that can read a signature of magnetic noise permanently embedded in all magnetic stripes during the card production process. This signature can be used in conjunction with common two-factor authentication schemes utilized in ATM, debit/retail point-of-sale and prepaid card applications.
Counterexamples of cards which intentionally ignore ISO standards include hotel key cards, most subway and bus cards, and some national prepaid calling cards (such as for the country of Cyprus) in which the balance is stored and maintained directly on the stripe and not retrieved from a remote database.
Magnetic stripe coercivity
Magstripes come in two main varieties: high-coercivity (HiCo) at 4000 Oe and low-coercivity (LoCo) at 300 Oe, but it is not infrequent to have intermediate values at 2750 Oe. High-coercivity magstripes require a higher amount of magnetic energy to encode, and therefore are harder to erase. HiCo stripes are appropriate for cards that are frequently used, such as a credit card. Other card uses include time and attendance tracking, access control, library cards, employee ID cards and gift cards. Low-coercivity magstripes require a lower amount of magnetic energy to record, and hence the card writers are much cheaper than machines which are capable of recording high-coercivity magstripes. However, LoCo cards are much easier to erase and have a shorter lifespan. Typical LoCo applications include hotel room keys, time and attendance tracking, bus/transit tickets and season passes for theme parks. A card reader can read either type of magstripe, and a high-coercivity card writer may write both high and low-coercivity cards (most have two settings, but writing a LoCo card in HiCo may sometimes work), while a low-coercivity card writer may write only low-coercivity cards.
In practical terms, usually low coercivity magnetic stripes are a light brown color, and high coercivity stripes are nearly black; exceptions include a proprietary silver-colored formulation on transparent American Express cards. High coercivity stripes are resistant to damage from most magnets likely to be owned by consumers. Low coercivity stripes are easily damaged by even a brief contact with a magnetic purse strap or fastener. Because of this, virtually all bank cards today are encoded on high coercivity stripes despite a slightly higher per-unit cost.
Magnetic stripe cards are used in very high volumes in the mass transit sector, replacing paper based tickets with either a directly applied magnetic slurry or hot foil stripe. Slurry applied stripes are generally less expensive to produce and are less resilient but are suitable for cards meant to be disposed after a few uses.
Financial cards
Main article: ISO/IEC 7813
There are up to three tracks on magnetic cards known as tracks 1, 2, and 3. Track 3 is virtually unused by the major worldwide networks, and often is not even physically present on the card by virtue of a narrower magnetic stripe. Point-of-sale card readers almost always read track 1, or track 2, and sometimes both, in case one track is unreadable. The minimum cardholder account information needed to complete a transaction is present on both tracks. Track 1 has a higher bit density (210 bits per inch vs. 75), is the only track that may contain alphabetic text, and hence is the only track that contains the cardholder's name.
Track 1 is written with code known as DEC SIXBIT plus odd parity. The information on track 1 on financial cards is contained in several formats: A, which is reserved for proprietary use of the card issuer, B, which is described below, C-M, which are reserved for use by ANSI Subcommittee X3B10 and N-Z, which are available for use by individual card issuers:
Track 1
Format B:
- Start sentinel — one character (generally '%')
- Format code="B" — one character (alpha only)
- Primary account number (PAN) — up to 19 characters. Usually, but not always, matches the credit card number printed on the front of the card.
- Field Separator — one character (generally '^')
- Name — 2 to 26 characters, surnames separated by space if necessary, Surname separator: /
- Field Separator — one character (generally '^')
- Expiration date — four characters in the form YYMM.
- Service code — three characters
- Discretionary data — may include Pin Verification Key Indicator (PVKI, 1 character), PIN Verification Value (PVV, 4 characters), Card Verification Value or Card Verification Code (CVV or CVC, 3 characters)
- End sentinel — one character (generally '?')
- Longitudinal redundancy check (LRC) — one character, a validity character calculated from other data on the track.
Track 2
This format was developed by the banking industry (ABA). This track is written with a 5-bit scheme (4 data bits + 1 parity), which allows for sixteen possible characters, which are the numbers 0-9, plus the six characters : ; < = > ?. The selection of six punctuation symbols may seem odd, but in fact the sixteen codes simply map to the ASCII range 0x30 through 0x3f, which defines ten digit characters plus those six symbols. The data format is as follows:
- Start sentinel — one character (generally ';')
- Primary account number (PAN) — up to 19 characters. Usually, but not always, matches the credit card number printed on the front of the card.
- Separator — one char (generally '=')
- Expiration date — four characters in the form YYMM.
- Service code — three digits. The first digit specifies the interchange rules, the second specifies authorization processing and the third specifies the range of services
- Discretionary data — as in track one
- End sentinel — one character (generally '?')
- Longitudinal redundancy check (LRC) — one character, a validity character calculated from other data on the track. Most reader devices do not return this value to the presentation layer when the card is swiped, and use it only to verify the input internally to the reader.
Service code values common in financial cards:
First digit
- 1: International interchange OK
- 2: International interchange, use IC (chip) where feasible
- 5: National interchange only except under bilateral agreement
- 6: National interchange only except under bilateral agreement, use IC (chip) where feasible
- 7: No interchange except under bilateral agreement (closed loop)
- 9: Test
Second digit
- 0: Normal
- 2: Contact issuer via online means
- 4: Contact issuer via online means except under bilateral agreement
Third digit
- 0: No restrictions, PIN required
- 1: No restrictions
- 2: Goods and services only (no cash)
- 3: ATM only, PIN required
- 4: Cash only
- 5: Goods and services only (no cash), PIN required
- 6: No restrictions, use PIN where feasible
- 7: Goods and services only (no cash), use PIN where feasible
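The track 1 format B and track 2 layouts and the service code tables above, put to defensive use: the following added example (not part of the original article) parses reader output, decodes the service code, masks the PAN, and redacts track data found in log text. The function names, the 12 to 19 digit PAN length, and the Luhn check digit test (from ISO/IEC 7812 numbering) are assumptions of this example, and the sample log line is constructed.

```python
import re

# Service code meanings, copied from the tables on this page.
INTERCHANGE = {
    "1": "International interchange OK",
    "2": "International interchange, use IC (chip) where feasible",
    "5": "National interchange only except under bilateral agreement",
    "6": "National interchange only except under bilateral agreement, use IC (chip) where feasible",
    "7": "No interchange except under bilateral agreement (closed loop)",
    "9": "Test",
}
AUTHORIZATION = {"0": "Normal", "2": "Contact issuer via online means",
                 "4": "Contact issuer via online means except under bilateral agreement"}
SERVICES = {
    "0": "No restrictions, PIN required",
    "1": "No restrictions",
    "2": "Goods and services only (no cash)",
    "3": "ATM only, PIN required",
    "4": "Cash only",
    "5": "Goods and services only (no cash), PIN required",
    "6": "No restrictions, use PIN where feasible",
    "7": "Goods and services only (no cash), use PIN where feasible",
}

# Track 1 format B and track 2 as a reader returns them (no LRC character).
# Assumption: PANs of 12 to 19 digits; the page only says "up to 19".
TRACK1_B = re.compile(r"%B(?P<pan>\d{12,19})\^(?P<name>[^^?]{2,26})\^"
                      r"(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?")
TRACK2 = re.compile(r";(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?")

# Constructed sample: a log line carrying track 2 data for a well-known test number.
SAMPLE_LOG = "2022-08-30 POS debug swipe=;4111111111111111=3012101000000? status=ok"

def luhn_ok(pan):
    """Luhn check digit test; discards digit runs that only look like a PAN."""
    digits = [int(c) for c in reversed(pan)]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def decode_service_code(svc):
    """Map the three service code digits to the meanings in the tables above."""
    tables = (INTERCHANGE, AUTHORIZATION, SERVICES)
    return [t.get(d, "not listed") for t, d in zip(tables, svc)]

def parse_track(raw):
    """Return the fields of one track with the PAN masked, or None if it does not parse."""
    for number, pattern in ((1, TRACK1_B), (2, TRACK2)):
        m = pattern.fullmatch(raw)
        if m and luhn_ok(m["pan"]):
            pan = m["pan"]
            return {"track": number,
                    "pan_masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],
                    "name": m["name"].strip() if number == 1 else None,
                    "expiry_yymm": m["exp"],
                    "service": decode_service_code(m["svc"])}
    return None

def redact_tracks(text):
    """Replace track 1/2 data found in free text (e.g. a log line) with a marker."""
    for number, pattern in ((1, TRACK1_B), (2, TRACK2)):
        text = pattern.sub(lambda m, n=number: "[TRACK%d REDACTED]" % n
                           if luhn_ok(m["pan"]) else m.group(0), text)
    return text
```

Running `redact_tracks` over application and debug logs before they are stored keeps full track data out of places where it should never be retained.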
United States and Canada driver's licenses
The data stored on magnetic stripes on American and Canadian driver's licenses is specified by the American Association of Motor Vehicle Administrators. Not all states and provinces use a magnetic stripe on their driver's licenses. For a list of those that do, see the AAMVA list.
The following data is stored on track 1:
- Start Sentinel - one character (generally '%')
- State or Province - two characters
- City - variable length (seems to max out at 13 characters)
- Field Separator - one character (generally '^') (absent if city reaches max length)
- Last Name - variable length
- Field Separator - one character (generally '$')
- First Name - variable length
- Field Separator - one character (generally '$')
- Middle Name - variable length
- Field Separator - one character (generally '^')
- Home Address (house number and street) - variable length
- Field Separator - one character (generally '^')
- Unknown - variable length
- End Sentinel - one character (generally '?')
The following data is stored on track 2:
- ISO Issuer Identifier Number (IIN) - 6 digits
- Drivers License / Identification Number - 13 digits
- Field Separator - generally '='
- Expiration Date (YYMM) - 4 digits
- Birth date (YYYYMMDD) - 8 digits
- DL/ID# overflow - 5 digits (If no information is used then a field separator is used in this field.)
- End Sentinel - one character ('?')
The following data is stored on track 3:
- Template V#
- Security V#
- Postal Code
- Class
- Restrictions
- Endorsements
- Sex
- Height
- Weight
- Hair Color
- Eye Color
- ID#
- Reserved Space
- Error Correction
- Security
Note: Each state encodes a different selection of information; not all states are the same.
Note: Some states, such as Texas, have laws restricting the access and use of electronically readable information encoded on driver's licenses or identification cards under certain circumstances.
Other card types
Smart cards are a newer generation of card that contain an integrated circuit. Some smart cards have metal contacts to electrically connect the card to the reader, and contactless cards use a magnetic field or radio frequency (RFID) for proximity reading.
Hybrid smart cards include a magnetic stripe in addition to the chip—this is most commonly found in a payment card, so that the cards are also compatible with payment terminals that do not include a smart card reader.
Cards with all three features: magnetic stripe, smart card chip, and RFID chip are also becoming common as more activities require the use of such cards.
Vulnerabilities
DEF CON 24
During DEF CON 24, Weston Hecker presented "Hacking Hotel Keys, and Point Of Sales Systems". In the talk, Hecker described how magnetic stripe cards function and used spoofing software and an Arduino to obtain administrative access from hotel keys, via service staff walking past him. Hecker claims he used administrative keys from POS systems on other systems, effectively providing access to any system with a magnetic stripe reader and the ability to run privileged commands.
Usage
Identification with a digital card is usually done in several ways:
- Displaying a QR code on the customer's smartphone to the identifying host (e.g. a cashier). The unique QR code ensures privacy for every customer.
- Engaging an NFC protocol connection by placing the smartphone near the NFC Reader (using host card emulation method).
- Using IoB (Identification over Bluetooth, an obsolete method which is rarely used) or PoB (Payment over Bluetooth).
See also
- Access badge
- Access control
- Campus card
- Common Access Card
- Credential
- Credit card number
- Identity document
- ID card printer
- Keycard
- MetroCard (New York City)
- Forrest Parry, the IBM engineer who invented the magnetic stripe card
- Photo identification
- Physical security
- Proximity card
- Security
- Security engineering
- Smart card
- Stored-value card
External links
- Magnetic Stripe Formats
- A brief comparison of Mag stripe and RFID technology (2012)
- A Brief History of Reprogrammable Card Technology (2012)
- Magnetic Developer and Magnetic Encoding Standards