Thursday, July 9, 2009

Magstripe 101

What Is The Stripe On the Credit Card?
What Is The Stripe On the Credit Card?

Each day we use our bank issued credit card. Swiping our cards on stores card readers to buy our purchases. Now, how it is that something so small can keep all your bank information. What allows the card reader to see that information? And what is that dark strip on the back of our cards.
The stripe on the back of a credit card is a magnetic stripe, or also called “MagStripe”. The magnetic strip is made up of tiny iron-based magnetic particles in a plastic-like film. Each particle is really a tiny magnet bar about 20-millionths of an inch long.

The magnetic stripe can have data written because the tiny magnet bar can be magnetized in either a north or South Pole direction. The magnetic strip very similar to a cassette tape.
A magnetic stripe card reader can then understand the information that has been written on the three-track stripe.
If the credit card isn’t being accepted, your problem is probably either:

* A dirty or scratched MagStripe
* An erased magnetic stripe
o The most common causes for erased MagStripe are exposure to magnets, like the ones that hold notes &pictures on your refrigerator, or exposure to a store’s EAS (Electronic Article Surveillance) tag demagnetizer.
* Or you are just out of money.

These Three Tracks Stripes on the magnetic stripe each have tracks that are about 1/10th of an inch wide. The ISO/IEC standard 7811, which is used by some banks, specifies:

* Track one – 210 bpi (bits per inch), and holds 79 6-bit plus parity bit read-only characters.
* Track two – 75 bpi, and holds 40 4-bit plus parity bit characters.
* Track three – 210 bpi, and holds 107 4-bit plus parity bit characters.

Credit Card typically uses only tracks-1 & 2. Track-3 is a read/write track (which includes your encrypted PIN, country codes, currency units and amount on your account); this is not standardized among all banks.
The information on track-1 is contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following:

* Start sentinel – one character
* Format code=”B” – one character (alpha only)
* Primary account number – up to 19 characters
* Separator – one character
* Country code – three characters
* Name – two to 26 characters
* Separator – one character
* Expiration date or separator – four characters or one character
* Discretionary data – enough characters to fill out maximum record length (79 characters total)
* End sentinel – one character
* Longitudinal redundancy check (LRC) – one character LRC is a form of computed check character.

The format for track two, developed by the banking industry, is as follows:

* Start sentinel – one character
* Primary account number – up to 19 characters
* Separator – one character
* Country code – three characters
* Expiration date or separator – four characters or one character
* Discretionary data – enough characters to fill out maximum record length (40 characters total)
* LRC – one character

There are three basic methods for determining whether your credit card will pay for what you’re charging:

* Voice authentication – Small Merchants do using a touch-tone phone.
* Electronic data capture – (EDC) MagStripe-card swipe terminals
* Virtual terminals on the Internet

How all of this works:
After the credit card is swipes through a reader, the EDC software at the point-of-sale (POS) terminal dials a stored phone number (using a modem) to call an acquirer. An acquirer is an organization that collects credit card authentication requests from merchants and provides the merchants with a guarantee payment.
When the acquirer company gets the credit-card authentication request, it checks the transaction for validity and the record on the MagStripe for:

* Merchant ID
* Valid card number
* Expiration date
* Credit-card limit
* Card usage

With Single dial-up transactions, they are processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment uses much higher speeds via this protocol. Using Internet protocol, the cardholder enters their personal identification number (PIN) using a pin pad.
The PIN is not on the card — it is encrypted in the database. Creation of your PIN can be interred in on the bank’s computers in an encrypted form.
Also, the communications between the ATM and the bank’s central computer are encrypted to prevent would-be thieves from tapping into the phone lines, recording the signals sent to the ATM to authorize the dispensing of cash and then feeding the same signals to the ATM to trick it into unauthorized dispensing of cash.
If all of this isn’t enough protection, there are now cards that utilize even more security measures than your conventional credit card: Smart Cards.




, , ,

Disqus for ePayment News