Talk:Magnetic stripe card
|This is the talk page for discussing improvements to the Magnetic stripe card article.|
- 1 PIN
- 2 Track 1 Version A
- 3 Erasure dangers to magnetic strip
- 4 is it possible to copy a hotel card?
- 5 ISO standard for track 3
- 6 track format details
- 7 Info
- 8 Correction
- 9 Requested move
- 10 Other standards
- 11 What is the Back end process of ATM and POS terminal transactions?any one
- 12 LRC commentary duplicated
- 13 Forrest Parry's wife's name? :-)
- 14 She said, "Here, let me try the iron."
- 15 Universal card
- 16 American Express service code
Is it really true that a encrypted version of the PIN is stored on some cards? Sounds too good to be true for a card thief... He would simply unencrypt it just as the ATM (or whatever) does, and voila! I thougt this information was only stored at the bank for online terminal transactions. The encryption wouldnt bee too hard either with such limited data capacity on track 3. Anyone
Scott 14:40, 15 Aug 2005 (CST)
I don't imagine that they store the actual PIN on the card; it seems to me that the PVV (PIN verification value) is probably some sort of cryptographic hash so that if you can validate the PIN given you without having to contact the card issuer. Who knows, maybe this is an MD5 hash...
Karl 01:57 19 Dec 2005 (PST)
The PIN offset isn't really an encrypted version of the PIN. Every card has a "natural PIN" that's generated by taking the account number (and possibly some other details, such as the expiration date), encrypting it, extracting 4-8 hexidecimal digits from the result, and applying a decimation table (which maps A-F to some digits 0-9). To allow people to pick their own PINs, a PIN offset is introduced and encoded on the card. The PIN the customer enters is the PIN offset + the natural PIN. To verify the PIN, the bank simply subtracts the PIN offset (transmitted with the transaction) from the entered PIN and determines if the natural PIN matches.
Note that without knowing the natural PIN or the PIN that the customer enters, knowing the PIN offset is useless, since the natural PIN can be any valid values.
On an unrelated note, the page mentions that CVV/CVC values may be stored on the card, but I don't believe this is the case. AFAIK, the CVV/CVC values are purposefully left off the magnetic stripe to ensure that only people who physically possess the card know it. Otherwise, some shady self-service machine would be able to swipe the CVV/CVC value.
12:30 02 February, 2006
Sorry , Karl is absolutly correct. The PIN offset is NOT the encrypted PIN. It truly is as Karl describes, an offset that is added to the system generated PIN to equal the Customer Selected PIN. The PIN offset was placed on the magstripe and used often during the days of offline ATMS. At any time a customer changed their cutomer select PIN, the PIN offset was over-written in the track data. However, today 99.99% of ATMS are online always, and the mandate was that issuers migrate the PIN offset to the card issuer's database and issuers now are only to support database verify customer select pins and not card verify customer select pins. Updates are no longer re-written to the track data, only to the database. You are just going to have to accept this fact ... it is NOT the encrypted PIN - I promise. I've been in the credit card issuing business for 18 years ... that is how it is done. I agree with your description of CVV/CVC and CVV2/CVC2.
Track 1 Version A
Can anyone give an example of a track 1 version A readout?
The track two can be generated the same as the original ?
Erasure dangers to magnetic strip
I see many people asking about accidental erasure of a credit card's magnetic strip. Myth busters looked at credit cards and found cards to be very resistant to erasure with magnets. I would like to see a section about erasure other than "be careful with magnets around credit cards". Magnetic jewelry, GPS receivers with magnets to attach to car roofs, and credit cards making direct contact with each other are a few of the common situations that I see on most threads, but the answers are disparate and non-authoritative. Perhaps a graph or table showing the strengths of magnets and whether the magnets pose a risk to credit card erasure.
- Fact is that the HiCo cards (black stripe) resist magnets well, while the LoCo (brown stripe) cards will get wiped by a casual encounter with a magnetic purse strap. HiCo cards aren't immune, but it takes a very powerful magnet to corrupt them. Reswobslc 04:57, 23 December 2006 (UTC)
- For my A2 Physics Coursework this year i am studying this effect, i will announce results here when i have gathered all results. Mumuthemonkey 10:18, 5 November 2007 (UTC)
There is a proprietary form of magnetic encoding called "Watermark Magnetics"  which, since it is a structural encoding, cannot be erased or altered without destroying the tape. [Steve Brunt was Project Manager for Watermark Products at Thorn EMI, Wells during the 1980s] SteveBrunt (talk) 19:45, 11 May 2009 (UTC)
is it possible to copy a hotel card?
- Nope, other than the original device that wrote the hotel card in the first place... they are a proprietary format. Same thing with other cards, like subway MetroCards, etc.
- The only kinds of cards I've found that loosely follow the ISO specifications similar to bank cards are membership cards, driver's licenses, gift cards, calling cards, and the like. Of course, all ATM cards, Visa, Mastercard, and other major credit cards, as well as smaller cards (e.g. store credit) use the specs as well. In all those cases, the actual value or currency is stored on a computer somewhere else, not the card. And in all those cases, the makers desire those cards to be read by off-the-shelf point-of-sale hardware. Any time the card itself stores something of value, like a balance or access to a hotel room, that's when the stripe goes proprietary. Usually proprietary stripes are so unrecognizable by bankcard equipment that it doesn't even know you swiped the card when you swipe it! Reswobslc 05:01, 23 December 2006 (UTC)
ISO standard for track 3
I am removing the details of the ISO standard for track 3, as in my opinion (I program bankcard machines) this standard is virtually unused and not found on any major or national credit card. Anyone who uses track 3 usually does so for some proprietary purpose and uses a format that is very unlikely to follow this ISO specification. If someone disagrees... well it'll still be in the page history, and it can be dug up and discussed. Reswobslc 05:04, 23 December 2006 (UTC)
- Knowing that track 3 is almost always used in a proprietary fashion would be helpful. You should consider putting that in the article. When I first read the article, I was surprised, because I knew most cards have three tracks and wondered why nothing was said about the third track. bendodge (talk) 22:07, 19 July 2014 (UTC)
track format details
Do magnetic stripe card readers send the information they read in Wiegand protocol?
How are the bits of information on the card converted into the characters mentioned in this article (and ISO/IEC 7813)? The article implies that each group of 4 data bits on track 2 can be converted to ASCII by adding 0x30. How do I convert each group of 6 data bits on track 1 into ASCII? How does a reader avoid framing error?
--184.108.40.206 01:14, 29 May 2007 (UTC)
A bit of information not shown on the page:
Track 1 - Alpha numeric characters - Up to 76 user definable alphanumeric characters can be encoded on this track
Track 2 - Numeric Only - Up to 37 user definable numeric characters can be encoded on this track
Track 3 - Numeric Only - Up to 104 user definable numeric characters can be encoded on this track
Unless you have a Encoder which can encode in Triple IATA thus allowing you to encode all tracks in Alphanumeric.
Also Each State has its own standards on what is placed on each track, they're never the same.
I've noticed while working in the ID Card fields that Nevada uses ID Cards that of Datacard and Fargo, unlike California specialized ID Cards
Nathan (talk) 18:34, 4 March 2008 (UTC)
The following line:
Expiration date — four characters in the form MMYY
does not apply to all credit cards or is incorrect. My credit card returns the expiration date in the format YYMM on the first and second tracks. It even says the format on the front of the card so I know I'm not reading it incorrectly. Is this just a spelling error in the main article?
Since we mention transportation tickets, our list of standards should include ISO/IEC 15457 which deals specifically with "thin flexible cards", including Edmondson size TFC.0 and the airline style TFC.5. Note that CRSW016, the original specification for the BR/London ticket, is not compliant with the standard (which it pre-dates) due to its rounding off of the millimetric dimensions. [Steve Brunt is the author of CRSW016 and ISO/IEC Project Editor for ISO/IEC 15457] SteveBrunt (talk) 19:26, 11 May 2009 (UTC)
What is the Back end process of ATM and POS terminal transactions?any one
could you tell me the back end process at ATM and POS terminal transactions?I mean that how the card dat will read how it compares PIN for authentication,and each and every step up to settlement of funds?and role of card associations? —Preceding unsigned comment added by Suryaau (talk • contribs) 05:22, 10 June 2009 (UTC)
- Nobody is going to teach you how to hijack ATMs to convince them to give them all the money contained within.
LRC commentary duplicated
Forrest Parry's wife's name? :-)
She said, "Here, let me try the iron."
Universal card is a new article accepted by WP:AFC. Reviewers recognised the potential to merge this content into Digital wallet or Magnetic stripe card. I believe this is a determination that can be made by the editors of these articles. ~KvnG 19:34, 23 March 2014 (UTC)
American Express service code
At the time of writing, the article states that the service code is three characters. American Express cards appear to have only a two character service code according to the card type information from a payment processor that my employer uses. I cannot find any further information, but was wondering if anyone else can confirm this. — Preceding unsigned comment added by 220.127.116.11 (talk • contribs) 10:13, 3 September 2014