💾 Archived View for gemini.spam.works › mirrors › textfiles › groups › BANANAREPUBLIC › card.txt captured on 2020-11-01 at 00:03:19.
-=-=-=-=-=-=-
File :CARD.TXT
Author :Iceman
BBS :The Banana Republic BBS
A Brief Guide to Magnetic Strip and Smart Cards
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Magnetic Strip Cards
====================
These are based on the IS 7810 and IS 7811 standards. The IS 7810 standard
covers the physical standards, the IS 7811 standard covers the embossing of
characters. Based on IS 7811 is the system of three parallel tracks, which are
numbered in relation to their distance from the cards top edge with track 1
being closest to the edge. Each track holds a string of magnetically encoded
data bits which are read sequentially by the read head of the magnetic strip
reader. The table below summarises the track information:
Track 1 210 bpi; 79 alphanumeric characters
(Read only) Used mainly by its airline developers (IATA).
First field for account number (up to 19 digits)
Second field for name (up to 26 alphanumerics)
Track 2 75 bpi; 40 digits (numeric only)
(Read only) Developed by American Bankers Association for online use
First field for account number (up to 19 digits)
Track 3 210 bpi; 107 digits (numeric only)
(Read/Write) Higher density achieved by later technology.
Rewritten after each use. Suitable for off-line, ie fallback
from offline.
Uses PIN verification value (encoded).
Track 2 is usually written prior to the card being passed to the card
holder, and is subsequently interrogated by the card-reading terminal each time
it is presented. The contents, including the cardholders account number, are
transferred irectly to the card issuers computer centre for identification and
verification purposes. This online process enables the centre to confirm or
deny the terminals response to the presenter of the card.
Track 3 was introduced some time after the other tracks and is the only
read/write track on the card. Its contents are re-written each time it is used
and it contains an encoded version of the PIN which is unique to each
cardholder and is keyed in whenever the card is presented.
This encoded format or PIN verification value (PVV) is compared with the
PIN by the terminal to verify a correct match and thereby avoids the need to
involve a check being carried out by the central computer. Such a process is
described as offline, ie there is no necessity for the terminal to transmit to
a distant centre and await confirmation to proceed.
VISA has enhanced the basic card with its Member-Controlled Authorisation
Service (MCAS), which exploits the unused data areas on track 1 to give the
following enhancements:
- Extra magnetic stripe security designed to prevent counterfeiting and
alteration.
- In-terminal authorisation, ie offline for lower value transactions or
during online failures.
- Additional encoded data providing credit worthiness cirteria and designed
to provide local PIN verification.
There are also a few other attempts at greater security such as EMI/Malco's
Watermark system which won't be discussed here since they are at present only
experimental and are beyind the scope of the average hacker.
Smart Cards
===========
Standards for these are still in the draft stage, and very few are
currently in circulation (one of the developers, Intamic, established a
"Physical and Electrical Characteristics Working Group" back in 1981, and
shortly thereafter it obtained "liason member" status (non-voting) on the
appropriate ISO technical committee (TC 97) - which has responsibility for
information processing and data security standards - and its Subcommittee (SC
17) which has specific responsibility for ID and credit cards. In turn, SC 17
created Working Group 4 to tackle the title "Integrated circuit(s) card with
contacts", which then established a subcommittee to report back .... well you
get the picture.
Anyway, much of this work has now reached the Draft International Standard
stage (DIS 7816). It includes not only the original physical characteristics
specified under ISO 7810, but also additional requirements such as the surface
profile of the contacts, mechanical strength, electrical resistance of the
contacts etc etc which aren't really of much interest. This is covered in Part
1 of the standard. Part 2 covers the electrical contacts, which are assigned
as follows:
+--+ +--+
|C1| Vcc - Circuit supply voltage |C5| GND - zero voltage reference
+--+ +--+
+--+ +--+
|C2| Reset |C6| Vpp - prog.supply voltage
+--+ +--+
+--+ +--+
|C3| Clock |C7| Serial data I/O
+--+ +--+
+--+ +--+
|C4| Currently unassigned |C8| Unassigned
+--+ +--+
The two unassigned pins will probably used in reprogrammable cards.
Part 3 of the Draft Standard is concerned with electronic signals and
exchange protocols and covers power/signal voltages; start-up functions
including power-on, reset, and data exchange; clocking rates, parity checking,
and other transmission-related activities as well as the data tansfer itself.
At the time of this document "going to press" these standards were still under
debate. Since these cards are at present quite scarce this information is not
of much practical interest anyway........
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Well, that's about it. I hope this has given all you hackers something to
think about. Remember that anybody can buy a magnetic strip reader for around
NZ$500 or so, which is certainly money well invested, especially if several
people chip in with $100 each.
Peace and Free Software,
The Iceman.
-------------------------------------------------------------------------------
AUTHOR :Iceman
-------------------------------------------------------------------------------
Brought to the WORLD by The Banana Republic BBS, Auckland, New Zealand
-------------------------------------------------------------------------------