Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Typical Credit Card Data Path

No description

mason quist

on 29 January 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Typical Credit Card Data Path

The magnetic band is a dark horizontal strip near the top of the credit card's back side. Banks record the data in a standard format consisting of three parallel tracks.

Track 1

The first track contains your name, the card's account number, and its expiration date. It also has code for the country in which the bank operates.

Track 2

The next track repeats the account number, expiration date and country code. This track is smaller than track 1.

Track 3

Data on the third track was meant to be updated with every use. Though this track was set aside and defined by the original specifications, no bank currently uses it.

Other Data

Special coded information marks the start and end of each track. The tracks also have open areas where institutions can keep other information unique to their businesses Purpose

Data storage tracks have been around since the early 1970's according to the "New York Times." The strip contains three tracks to provide information redundancy. That means, if the first track of the magnetic stripe is damaged, the second track can still carry enough information to use the credit card to make purchases. Multiple tracks also make it easier for scanning software and devices to interpret the information correctly.

Card Track One

Track one is the only track that contains the name of the account holder.This track also contains the information of the card issuing bank, including the credit account number, cardholder billing address, country code for the account, expiration date of the account and a three digit service code. The service code communicates to a buyer how the card must be billed, if the buyer has international purchasing privileges or just national purchasing privileges and whether or not a PIN number is required for purchase approval.

Card Track Two

Track two in the magnetic stripe of a credit or debit card stores very similar information to track one with several important differences. Track two only stores numeric code, whereas track one stores alphanumeric code. This means track two cannot store information containing letters, only numbers. Track two may also include the primary account number and discretionary data like PIN number verification and the criteria for purchase approval. According to the Plastic Rewards website, one purpose of track two is to review the information sent from the credit card to the scanner to ensure all the information is read correctly and no errors occur.

Card Track Three

According to the Plastic Rewards website, as of January 2011 track three on a credit card magnetic strip is not in use by national bank card issuers. Other credit card issuers like department stores may use track three for purchasing data storage including any PIN required to access the account and total available credit . No standard exists for data stored on track three as exists with tracks one and two. Some credit cards with very narrow magnetic strips do not contain a third data track. Features

The magnetic strip on a credit card actually contains three separate tracks of data, each with a width of about 1/10 inch. The first track contains the credit card number, expiration date, account holder's name, the country in which the card was issued, and 79 additional character spaces that the issuing bank can use in any way. The second track contains the same identifying information, although occasionally not the user's name, plus 40 additional character spaces. The information in the third track of the magnetic strip varies depending on the issuing bank, but it often includes a PIN number, authorized spending amount and the currency units.

How It Works

When a credit card is swiped through a magnetic reader at a point-of-sale terminal, the magnetic reader obtains the information from the strip by analyzing the orientation of each of the magnetic particles embedded in the strip. This information is sent through a modem to a company that checks to see if the account is in good standing and has enough credit available to cover the purchase. Once the card is approved, the account holder can complete the purchase. What Credit Card Numbers Mean

Although phone companies, gas companies and department stores have their own numbering systems, ANSI Standard X4.13-1983 is the system used by most national credit-card systems.

Here are what some of the numbers stand for:

The first digit in your credit-card number signifies the system:
•3 - travel/entertainment cards (such as American Express and Diners Club)
•4 - Visa
•5 - MasterCard
•6 - Discover Card

The structure of the card number varies by system. For example, American Express card numbers start with 37; Carte Blanche and Diners Club with 38.
•American Express - Digits three and four are type and currency, digits five through 11 are the account number, digits 12 through 14 are the card number within the account and digit 15 is a check digit.
•Visa - Digits two through six are the bank number, digits seven through 12 or seven through 15 are the account number and digit 13 or 16 is a check digit.
•MasterCard - Digits two and three, two through four, two through five or two through six are the bank number (depending on whether digit two is a 1, 2, 3 or other). The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit. The Stripe on a Credit Card

The stripe on the back of a credit card is a magnetic stripe, often called a magstripe. The magstripe is made up of tiny iron-based magnetic particles in a plastic-like film. Each particle is really a tiny bar magnet about 20-millionths of an inch long.

The magstripe can be "written" because the tiny bar magnets can be magnetized in either a north or south pole direction. The magstripe on the back of the card is very similar to a piece of cassette tape.

There are three tracks on the magstripe. Each track is about one-tenth of an inch wide. The ISO/IEC standard 7811, which is used by banks, specifies:
•Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters.
•Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
•Track three is 210 bpi, and holds 107 4-bit plus parity bit characters.

Your credit card typically uses only tracks one and two. Track three is a read/write track (which includes an encrypted PIN, country code, currency units and amount authorized), but its usage is not standardized among banks.

The information on track one is contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following:
•Start sentinel - one character
•Format code="B" - one character (alpha only)
•Primary account number - up to 19 characters
•Separator - one character
•Country code - three characters
•Name - two to 26 characters
•Separator - one character
•Expiration date or separator - four characters or one character
•Discretionary data - enough characters to fill out maximum record length (79 characters total)
•End sentinel - one character
•Longitudinal redundancy check (LRC) - one character LRC is a form of computed check character.

The format for track two, developed by the banking industry, is as follows:
•Start sentinel - one character
•Primary account number - up to 19 characters
•Separator - one character
•Country code - three characters
•Expiration date or separator - four characters or one character
•Discretionary data - enough characters to fill out maximum record length (40 characters total)
•LRC - one character

For more information on track format, see ISO Magnetic Stripe Card Standards.

There are three basic methods for determining whether your credit card will pay for what you're charging:
•Merchants with few transactions each month do voice authentication using a touch-tone phone.
•Electronic data capture (EDC) magstripe-card swipe terminals are becoming more common -- so is swiping your own card at the checkout.
•Virtual terminals on the Internet

This is how it works: After you or the cashier swipes your credit card through a reader, the EDC software at the point-of-sale (POS) terminal dials a stored telephone number (using a modem) to call an acquirer. An acquirer is an organization that collects credit-authentication requests from merchants and provides the merchants with a payment guarantee.

When the acquirer company gets the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for:
•Merchant ID
•Valid card number
•Expiration date
•Credit-card limit
•Card usage

Single dial-up transactions are processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment uses much higher speeds via this protocol. In this system, the cardholder enters a personal identification number (PIN) using a keypad.

The PIN is not on the card -- it is encrypted (hidden in code) in a database. (For example, before you get cash from an ATM, the ATM encrypts the PIN and sends it to the database to see if there is a match.) The PIN can be either in the bank's computers in an encrypted form (as a cipher) or encrypted on the card itself. The transformation used in this type of cryptography is called one-way. This means that it's easy to compute a cipher given the bank's key and the customer's PIN, but not computationally feasible to obtain the plain-text PIN from the cipher, even if the key is known. This feature was designed to protect the cardholder from being impersonated by someone who has access to the bank's computer files.

Likewise, the communications between the ATM and the bank's central computer are encrypted to prevent would-be thieves from tapping into the phone lines, recording the signals sent to the ATM to authorize the dispensing of cash and then feeding the same signals to the ATM to trick it into unauthorized dispensing of cash.

If this isn't enough protection to ease your mind, there are now cards that utilize even more security measures than your conventional credit card: Smart Cards.
Full transcript