Digital card

Last updated

The term digital card [1] can refer to a physical item, such as a memory card on a camera, [2] [3] or, increasingly since 2017, to the digital content hosted as a virtual card or cloud card, as a digital virtual representation of a physical card. They share a common purpose: Identity Management, Credit card, Debit card or driver license. A non-physical digital card, unlike a Magnetic stripe card can emulate (imitate) any kind of card. [4] [1]

Contents

A smartphone or smartwatch can store content from the card issuer; discount offers and news updates can be transmitted wirelessly, via Internet. These virtual cards are used in very high volumes by the mass transit sector, replacing paper based tickets and earlier MagStrip cards. [5]

History

Front side of the first Magnetic Stripe plastic credit card. Note that the narrow magnetic stripe is on the front of the card. It was later switched to the back side. 2. Front of first mag striped encoded plastic card.JPG
Front side of the first Magnetic Stripe plastic credit card. Note that the narrow magnetic stripe is on the front of the card. It was later switched to the back side.

Magnetic recording on steel tape and wire was invented by Valdemar Poulsen in Denmark around 1900 for recording audio. [6] In the 1950s, magnetic recording of digital computer data on plastic tape coated with iron oxide was invented. In 1960, IBM built upon the magnetic tape idea and developed a reliable way of securing magnetic stripes to plastic cards, [7] as part of a contract with the US government for a security system. A number of International Organization for Standardization standards, ISO/IEC 7810, ISO/IEC 7811, ISO/IEC 7812, ISO/IEC 7813, ISO 8583, and ISO/IEC 4909, now define the physical properties of such cards, including size, flexibility, location of the magstripe, magnetic characteristics, and data formats. Those standards also specify characteristics for financial cards, including the allocation of card number ranges to different card issuing institutions.

As technological progress emerged in the form of highly capable and always carried smartphones, handhelds and smartwatches, the term "digital card" was introduced. [1]

On May 26, 2011 Google released its own version of a cloud hosted Google Wallet which contains digital cards - cards that can be created online without having to have a plastic card in first place, although all of its merchants currently issue both plastic and digital cards. [8] There are several virtual card issuing companies located in different geographical regions, such as Weel in Australia and Privacy in the USA.

Magnetic stripe card

An example of the reverse side of a typical credit card: Green circle #1 labels the magnetic stripe. CCardBack.svg
An example of the reverse side of a typical credit card: Green circle #1 labels the magnetic stripe.
Visualization of magnetically stored information on a magnetic stripe card (recorded with CMOS-MagView, dark colors correspond to magnetic north, light colors correspond to magnetic south) Aufnahme der magnetischen Struktur eines Magnetstreifens auf eine EC-Karte (Aufnahme mit CMOS-MagView)2.jpg
Visualization of magnetically stored information on a magnetic stripe card (recorded with CMOS-MagView, dark colors correspond to magnetic north, light colors correspond to magnetic south)

A magnetic stripe card is a type of card capable of storing data by storing it on magnetic material attached to a plastic card. A computer device can update the card's content. The magnetic stripe is read by swiping it past a magnetic reading head. Magnetic stripe cards are commonly used in credit cards, identity cards, and transportation tickets. They may also contain a radio frequency identification (RFID) tag, a transponder device and/or a microchip mostly used for access control or electronic payment.

Magnetic storage

The first prototype of magnetic stripe card created by IBM in the late 1960s. A stripe of cellophane magnetic tape is fixed to a piece of cardboard with clear adhesive tape Magnetic stripe prototype.jpg
The first prototype of magnetic stripe card created by IBM in the late 1960s. A stripe of cellophane magnetic tape is fixed to a piece of cardboard with clear adhesive tape

Magnetic storage was known from World War II and computer data storage in the 1950s. [7]

In 1969 an IBM engineer had the idea of attaching a piece of magnetic tape, the predominant storage medium at the time, to a plastic card base. He tried it, but the result was unsatisfactory. Strips of tape warped easily, and the tape's function was negatively affected by adhesives he used to attach it to the card. After a frustrating day in the laboratory trying to find an adhesive that would hold the tape securely without affecting its function, he came home with several pieces of magnetic tape and several plastic cards. As he entered his home his wife was ironing clothing. When he explained the source of his frustration – inability to get the tape to "stick" to the plastic so that it would not come off, but without compromising its function – she suggested that he use the iron to melt the stripe on. He tried it and it worked. [9] [10] The heat of the iron was just high enough to bond the tape to the card.

Front side of the first magnetic stripe plastic credit card. Note that the narrow magnetic stripe is on the front of the card. It was later switched to the back side. 2. Front of first mag striped encoded plastic card.JPG
Front side of the first magnetic stripe plastic credit card. Note that the narrow magnetic stripe is on the front of the card. It was later switched to the back side.
Back side of the first magnetic stripe plastic credit card 3. Back of first mag striped encoded plastic card.JPG
Back side of the first magnetic stripe plastic credit card
Back of early magnetic striped encoded paper card. The narrow magnetic stripe in the center of the card was applied using a magnetic slurry paint. 5. Back of first mag striped encoded paper card.JPG
Back of early magnetic striped encoded paper card. The narrow magnetic stripe in the center of the card was applied using a magnetic slurry paint.

Incremental improvements from 1969 through 1973 enabled developing and selling implementations of what became known as the Universal Product Code (UPC). [11] [12] [13] This engineering effort resulted in IBM producing the first magnetic striped plastic credit and ID cards used by banks, insurance companies, hospitals and many others. [11] [14]

Initial customers included banks, insurance companies and hospitals, who provided IBM with raw plastic cards preprinted with their logos, along with a list of the contact information and data which was to be encoded and embossed on the cards. [14] Manufacturing involved attaching the magnetic stripe to the preprinted plastic cards using the hot stamping process developed by IBM. [15] [16]

Further developments and encoding standards

IBM's development work, begun in 1969, but still needed more work. Steps required to convert the magnetic striped media into an industry acceptable device included:

Front and back of a card from the late 1980s used in food vending machines in the UK Example of Magnetic stripe card used for vending with slots cut in it.jpg
Front and back of a card from the late 1980s used in food vending machines in the UK
  1. Creating the international standards for stripe record content, including which information, in what format, and using which defining codes.
  2. Field testing the proposed device and standards for market acceptance.
  3. Developing the manufacturing steps needed to mass-produce the large number of cards required.
  4. Modifying available equipment to enable it to issue and accept stripes and the data associated with them.

These steps were initially managed by Jerome Svigals of the Advanced Systems Division of IBM, Los Gatos, California, from 1966 to 1975.

In most magnetic stripe cards, the magnetic stripe is contained in a plastic-like film. The magnetic stripe is located 0.223 inches (5.7 mm) from the edge of the card, and is 0.375 inches (9.5 mm) wide. The magnetic stripe contains three tracks, each 0.110 inches (2.8 mm) wide. Tracks one and three are typically recorded at 210 bits per inch (8.27 bits per mm), while track two typically has a recording density of 75 bits per inch (2.95 bits per mm). Each track can either contain 7-bit alphanumeric characters, or 5-bit numeric characters. Track 1 standards were created by the airlines industry (IATA). Track 2 standards were created by the banking industry (ABA). Track 3 standards were created by the thrift-savings industry.

Magstripes following these specifications can typically be read by most point-of-sale hardware, which are simply general-purpose computers that have been programmed to perform the required tasks. Examples of cards adhering to these standards include ATM cards, bank cards (credit and debit cards including Visa and MasterCard), gift cards, loyalty cards, driver's licenses, telephone cards, membership cards, electronic benefit transfer cards (e.g. food stamps), and nearly any application in which monetary value or secure information is not stored on the card itself. Many video game and amusement centers now use debit card systems based on magnetic stripe cards.

Magnetic stripe cloning can be detected by the implementation of magnetic card reader heads and firmware that can read a signature of magnetic noise permanently embedded in all magnetic stripes during the card production process. This signature can be used in conjunction with common two-factor authentication schemes utilized in ATM, debit/retail point-of-sale and prepaid card applications. [17]

Some types of cards intentionally ignore the ISO standards regarding which kind of data is recorded in each track, and use their own data sequences instead; these include hotel key cards, most subway and bus cards, and some national prepaid calling cards (such as for the country of Cyprus) in which the balance is stored and maintained directly on the stripe and not retrieved from a remote database.

Financial cards

There are up to three tracks on magnetic cards known as tracks 1, 2, and 3. Track 3 is virtually unused by the major worldwide networks [ citation needed ], and often is not even physically present on the card by virtue of a narrower magnetic stripe. Point-of-sale card readers almost always read track 1, or track 2, and sometimes both, in case one track is unreadable. The minimum cardholder account information needed to complete a transaction is present on both tracks. Track 1 has a higher bit density (210 bits per inch vs. 75), is the only track that may contain alphabetic text, and hence is the only track that contains the cardholder's name.

Track 1 is written with code known as DEC SIXBIT plus odd parity. The information on track 1 on financial cards is contained in several formats: A, which is reserved for proprietary use of the card issuer, B, which is described below, C-M, which are reserved for use by ANSI Subcommittee X3B10 and N-Z, which are available for use by individual card issuers:

Track 1

Format B:

  • Start sentinel — one character (generally '%')
  • Format code="B" — one character (alpha only)
  • Primary account number (PAN) — up to 19 characters. Usually, but not always, matches the credit card number printed on the front of the card.
  • Field Separator — one character (generally '^')
  • Name — 2 to 26 characters, surnames separated by space if necessary, Surname separator: /
  • Field Separator — one character (generally '^')
  • Expiration date — four characters in the form YYMM.
  • Service code — three characters
  • Discretionary data — may include Pin Verification Key Indicator (PVKI, 1 character), PIN Verification Value (PVV, 4 characters), Card Verification Value or Card Verification Code (CVV or CVC, 3 characters)
  • End sentinel — one character (generally '?')
  • Longitudinal redundancy check (LRC) — it is one character and a validity character calculated from other data on the track.
Track 2

This format was developed by the banking industry (ABA). This track is written with a 5-bit scheme (4 data bits + 1 parity), which allows for sixteen possible characters, which are the numbers 0–9, plus the six characters  : ; < = > ? . (It may seem odd that these particular punctuation symbols were selected, but by using them the set of sixteen characters matches the ASCII range 0x30 through 0x3f.) The data format is as follows:

  • Start sentinel — one character (generally ';')
  • Primary account number (PAN) — up to 19 characters. Usually, but not always, matches the credit card number printed on the front of the card.
  • Separator — one character (generally '=')
  • Expiration date — four characters in the form YYMM.
  • Service code — three digits. The first digit specifies the interchange rules, the second specifies authorization processing and the third specifies the range of services
  • Discretionary data — as in track one
  • End sentinel — one character (generally '?')
  • Longitudinal redundancy check (LRC) — it is one character and a validity character calculated from other data on the track. Most reader devices do not make the LRC available for display, but use it to verify the input internally to the device.

Service code values common in financial cards:

First digit

1: International interchange OK
2: International interchange, use IC (chip) where feasible
5: National interchange only except under bilateral agreement
6: National interchange only except under bilateral agreement, use IC (chip) where feasible
7: No interchange except under bilateral agreement (closed loop)
9: Test

Second digit

0: Normal
2: Contact issuer via online means
4: Contact issuer via online means except under bilateral agreement

Third digit

0: No restrictions, PIN required
1: No restrictions
2: Goods and services only (no cash)
3: ATM only, PIN required
4: Cash only
5: Goods and services only (no cash), PIN required
6: No restrictions, use PIN where feasible
7: Goods and services only (no cash), use PIN where feasible

United States and Canada driver's licenses

The data stored on magnetic stripes on American and Canadian driver's licenses is specified by the American Association of Motor Vehicle Administrators. Not all states and provinces use a magnetic stripe on their driver's licenses. For a list of those that do, see the AAMVA list. [18] [19]

The following data is stored on track 1: [20]

The following data is stored on track 2:

The following data is stored on track 3:

Note: Each state has a different selection of information they encode, not all states are the same. Note: Some states, such as Texas, [22] have laws restricting the access and use of electronically readable information encoded on driver's licenses or identification cards under certain circumstances.

Other card types

Smart cards are a newer generation of card that contain an integrated circuit. Some smart cards have metal contacts to electrically connect the card to the reader; there are also contactless cards that use a magnetic field or radio frequency (RFID) for proximity reading.

Hybrid smart cards include a magnetic stripe in addition to the chip—this combination is most commonly found in payment cards, to make them usable at payment terminals that do not include a smart card reader.

Cards that contain all three features (magnetic stripe, smart card chip, and RFID chip) are also becoming common as more activities require the use of such cards.[ citation needed ]

Vulnerabilities

DEF CON 24

During DEF CON 24, Weston Hecker presented Hacking Hotel Keys, and Point Of Sales Systems. In the talk, Hecker described the way magnetic strip cards function and utilised spoofing software, [23] and an Arduino to obtain administrative access from hotel keys, via service staff walking past him. Hecker claims he used administrative keys from POS systems on other systems, effectively providing access to any system with a magnetic stripe reader, providing access to run privileged commands.[ citation needed ]

Usage

Identification with a digital card is usually done in several ways:

  1. Displaying a QR code on the customer's smartphone to the identifying host (a cashier i.e.). The unique QR code ensures privacy for every customer.
  2. Engaging an NFC protocol connection by placing the smartphone near the NFC Reader (using host card emulation method).
  3. Using IoB (Identification over Bluetooth, an obsolete method which is rarely used) or PoB (Payment over Bluetooth).

See also

Related Research Articles

<span class="mw-page-title-main">ASCII</span> American character encoding standard

ASCII, abbreviated from American Standard Code for Information Interchange, is a character encoding standard for electronic communication. ASCII codes represent text in computers, telecommunications equipment, and other devices. Because of technical limitations of computer systems at the time it was invented, ASCII has just 128 code points, of which only 95 are printable characters, which severely limited its scope. Modern computer systems have evolved to use Unicode, which has millions of code points, but the first 128 of these are the same as the ASCII set.

The bit is the most basic unit of information in computing and digital communications. The name is a portmanteau of binary digit. The bit represents a logical state with one of two possible values. These values are most commonly represented as either "1" or "0", but other representations such as true/false, yes/no, on/off, or +/ are also widely used.

<span class="mw-page-title-main">Printer (computing)</span> Computer peripheral that prints text or graphics

In the field of computing, a printer is considered a peripheral device that serves the purpose of creating a permanent representation of text or graphics, usually on paper. While the majority of outputs produced by printers are readable by humans, there are instances where barcode printers have found a utility beyond this traditional use. Different types of printers are available for use, including inkjet printers, thermal printers, laser printers, and 3D printers.

<span class="mw-page-title-main">Character encoding</span> Using numbers to represent text characters

Character encoding is the process of assigning numbers to graphical characters, especially the written characters of human language, allowing them to be stored, transmitted, and transformed using digital computers. The numerical values that make up a character encoding are known as "code points" and collectively comprise a "code space", a "code page", or a "character map".

<span class="mw-page-title-main">Punched card</span> Paper-based recording medium

A punched card is a piece of card stock that stores digital data using punched holes. Punched cards were once common in data processing and the control of automated machines.

<span class="mw-page-title-main">IBM 1401</span> 1960s decimal computer

The IBM 1401 is a variable-wordlength decimal computer that was announced by IBM on October 5, 1959. The first member of the highly successful IBM 1400 series, it was aimed at replacing unit record equipment for processing data stored on punched cards and at providing peripheral services for larger computers. The 1401 is considered by IBM to be the Ford Model-T of the computer industry due to its mass appeal. Over 12,000 units were produced and many were leased or resold after they were replaced with newer technology. The 1401 was withdrawn on February 8, 1971.

<span class="mw-page-title-main">Proximity card</span> Contactless smart card

A proximity card or prox card also known as a key card or keycard is a contactless smart card which can be read without inserting it into a reader device, as required by earlier magnetic stripe cards such as credit cards and contact type smart cards. The proximity cards are part of the contactless card technologies. Held near an electronic reader for a moment they enable the identification of an encoded number. The reader usually produces a beep or other sound to indicate the card has been read.

<span class="mw-page-title-main">Personal identification number</span> PIN code

A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric passcode used in the process of authenticating a user accessing a system.

Magnetic ink character recognition code, known in short as MICR code, is a character recognition technology used mainly by the banking industry to streamline the processing and clearance of cheques and other documents. MICR encoding, called the MICR line, is at the bottom of cheques and other vouchers and typically includes the document-type indicator, bank code, bank account number, cheque number, cheque amount, and a control indicator. The format for the bank code and bank account number is country-specific.

<span class="mw-page-title-main">EMV</span> Smart payment card standard

EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay, Mastercard, and Visa", the three companies that created the standard.

ISO/IEC 7813 is an international standard codified by the International Organization for Standardization and International Electrotechnical Commission that defines properties of financial transaction cards, such as ATM or credit cards.

ISO 8583 is an international standard for financial transaction card originated interchange messaging. It is the International Organization for Standardization standard for systems that exchange electronic transactions initiated by cardholders using payment cards.

<span class="mw-page-title-main">Payment card</span> Card issued by a financial institution that can be used to make a payment

Payment cards are part of a payment system issued by financial institutions, such as a bank, to a customer that enables its owner to access the funds in the customer's designated bank accounts, or through a credit account and make payments by electronic transfer with a payment terminal and access automated teller machines (ATMs). Such cards are known by a variety of names, including bank cards, ATM cards, client cards, key cards or cash cards.

A card reader is a data input device that reads data from a card-shaped storage medium and provides the data to a computer. Card readers can acquire data from a card via a number of methods, including: optical scanning of printed text or barcodes or holes on punched cards, electrical signals from connections made or interrupted by a card's punched holes or embedded circuitry, or electronic devices that can read plastic cards embedded with either a magnetic strip, computer chip, RFID chip, or another storage medium.


A contactless smart card is a contactless credential whose dimensions are credit card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.

<span class="mw-page-title-main">Computer programming in the punched card era</span> History of computer programming using punch cards

From the invention of computer programming languages up to the mid-1970s, most computer programmers created, edited and stored their programs line by line on punch cards.

A six-bit character code is a character encoding designed for use on computers with word lengths a multiple of 6. Six bits can only encode 64 distinct characters, so these codes generally include only the upper-case letters, the numerals, some punctuation characters, and sometimes control characters. The 7-track magnetic tape format was developed to store data in such codes, along with an additional parity bit.

A payment card number, primary account number (PAN), or simply a card number, is the card identifier found on payment cards, such as credit cards and debit cards, as well as stored-value cards, gift cards and other similar cards. In some situations the card number is referred to as a bank card number. The card number is primarily a card identifier and may not directly identify the bank account number/s to which the card is/are linked by the issuing entity. The card number prefix identifies the issuer of the card, and the digits that follow are used by the issuing entity to identify the cardholder as a customer and which is then associated by the issuing entity with the customer's designated bank accounts. In the case of stored-value type cards, the association with a particular customer is only made if the prepaid card is reloadable. Card numbers are allocated in accordance with ISO/IEC 7812. The card number is typically embossed on the front of a payment card, and is encoded on the magnetic stripe and chip, but may also be imprinted on the back of the card.

<span class="mw-page-title-main">Card security code</span> Security feature on payment cards

A card security code is a series of numbers that, in addition to the bank card number, is printed on a credit or debit card. The CSC is used as a security feature for card not present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud.

ISO/IEC 4909 is a 2006 international standard produced by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) for Identification cards — Financial transaction cards — Magnetic stripe data content for track 3. It was reviewed in 2018. The original ISO 4909 standard appeared in 1987. It is one of a number of international bank card standards. The standard is used for credit cards.

References

  1. 1 2 3 Brian X. Chen (December 1, 2021). "How to Carry Your Covid Health Data on a Smartphone". The New York Times . Retrieved August 29, 2022.
  2. "Q & A for a digital world". The New York Times . November 8, 2007. Retrieved August 29, 2022.
  3. J. D. Biersdorfer (October 10, 2002). "Memory Cards as Kin That Can't Get Along". The New York Times . Retrieved August 29, 2022.
  4. "Digital credit card replacement Coin is almost ready to swipe — the Coin Beta begins today". August 22, 2014.
  5. "MTA Looks to Replace MetroCard With System Using 'Contactless Media'". CNBC NBC New York. April 13, 2016. Retrieved November 30, 2016.
  6. "AES Historical Committee". www.aes.org.
  7. 1 2 Jerome Svigals, The long life and imminent death of the mag-stripe card, IEEE Spectrum, June 2012, p. 71
  8. "Google Pay - Learn What the Google Pay App is & How to Use It".
  9. "IBM100 - Click on "View all icons". Click on 8th row from the bottom titled "Magnetic Stripe Technology"". IBM . February 3, 2011. Retrieved February 3, 2011.
  10. "Article on Forrest Parry, pages 3-4" (PDF). Archived from the original (PDF) on October 27, 2011. Retrieved November 29, 2011.
  11. 1 2 "IBM Archives: DPD chronology - page 4". 03.ibm.com. January 23, 2003. Retrieved October 25, 2015.
  12. Kennedy, Pagan (January 4, 2013). "Who Made That Universal Product Code". The New York Times . Retrieved October 25, 2015.
  13. "IBM100 - UPC". 03.ibm.com. March 7, 2012. Retrieved October 25, 2015.
  14. 1 2 "IBM100 - System 360". 03.ibm.com. April 7, 1964. Retrieved October 25, 2015.
  15. U.S. patent 3,685,690 , "Credit card automatic currency dispenser"; Thomas Barnes, George Chastain, and Marion Karecki; issued August 22, 1972
  16. U.S. patent 3,761,682 , "Credit card automatic currency dispenser"; Thomas Barnes, George Chastain, and Don Wetzel; issued September 25, 1973
  17. "Welcome to MagnePrint®: What is MagnePrint?". Magneprint.com. Retrieved November 29, 2011.
  18. "ID Security Technologies". AAMVA. Retrieved October 25, 2015.
  19. Archived December 2, 2010, at the Wayback Machine
  20. 2010 AAMVA DL/ID Card Design Standard Ver 1.0, Annex F.6, Aamva.org, June 2010, retrieved August 9, 2010
  21. "AAMVA - IIN and RID". www.aamva.org. Archived from the original on September 1, 2017. Retrieved July 19, 2017.
  22. "Texas statutes, section 521.126, restricting use of electronically readable information from driver's licenses or personal identification certificates". Texas Legislature Online, State of Texas. June 2015. Retrieved April 4, 2016.
  23. "Samy Kamkar: MagSpoof - credit card/magstripe spoofer". samy.pl. Retrieved December 2, 2016.


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.