This relates to card data such as payment card data and, more particularly, structured encryption of card data.
Credit cards and other payment cards are widely used in modern financial transactions. In a typical transaction, a cardholder swipes a payment card through a magnetic stripe reader associated with a point-of-sale system. The magnetic stripe reader extracts track data from the payment card. The point-of-sale system sends the track data to a remote payment gateway to determine whether the cardholder is authorized to make a purchase. If the cardholder is authorized, the cardholder's purchase may be charged to the cardholder's account.
The track data from a payment card may include sensitive information such as the cardholder's account number. Due to the sensitive nature of the track data, track data is generally only conveyed to payment gateways over secure links.
To ensure that track data cannot be easily intercepted, it may be desirable to encrypt the track data at or near the point-of-sale system. If care is not taken, however, the encryption process will significantly change the format of the track data. As a result, the encrypted version of the track data may not be compatible with systems that are interposed between the point-of-sale terminal and the payment gateway.
It would therefore be desirable to be able to provide improved ways in which to secure payment card track data.