Magnetic stripe cards, e.g., credit cards, debit cards, membership cards, and the like, have long been employed to facilitate commerce and for identification purposes. Generally speaking, a magnetic stripe card includes a plastic or metallic card base on which a magnetic stripe is affixed. The information necessary to conduct a transaction (such as a purchase of goods/services or an identification query) is embedded in the magnetic stripe on the card. Many cards also include visually perceptible or human-readable data embossed or printed directly on the card itself. The data embedded in the magnetic pattern and the visually perceptible data may be used alternatively or together by the cardholder to accomplish a transaction.
In this document, credit cards will be employed as examples. However, the problems and solutions discussed herein are not limited to credit cards and may apply to all magnetic stripe cards irrespective of the purpose for which they are employed.
Contemporary credit cards, which are representative of magnetic stripe cards, are widely employed to facilitate the purchase of goods and services by cardholders. To facilitate discussion, a description of a typical credit card transaction is provided. Suppose, for example, a cardholder wishes to purchase a book using his credit card. If the purchase is performed in a manner that does not require the physical handling of the card by the merchant or the physical presence of the card (such as an online purchase), the cardholder may provide the credit card information (e.g., credit card number, expiration date, security code, cardholder's name and address, etc.) by reading some of the required information off the surface of the card itself. If the purchase is performed at a point-of-sale terminal (such as at the cash register in the bookstore), the cardholder or the store's clerk may swipe the card through a magnetic card reader to provide the credit card information directly from the magnetic stripe itself.
The credit card information, along with the merchant's information and the cost of the book that the cardholder wishes to purchase, may then be communicated by the merchant's device via a telecommunication network (e.g., the Internet or some other network) to one or more transaction processing servers. The transaction processing servers of the acquiring bank work cooperatively with databases of the institution that issues the credit card to, for example, ascertain whether the account associated with the given credit card has sufficient available credit to cover the cost of the book, whether the transaction appears fraudulent based on fraud detection algorithms, etc. If the transaction is approved, the approval information is relayed back to the merchant, who then allows the cardholder to complete the purchase. If the transaction is not approved, the denial information is relayed back to the merchant, who then rejects the attempted transaction. The above-described sequence of steps and the infrastructure mentioned are typical today, although there may be variations on the theme depending on specific implementations.
Although credit cards are widely used and there exists an extensive magnetic stripe card processing infrastructure (comprising card readers, communication infrastructure, transaction processing systems, issuing bank databases, etc.) to facilitate commerce using credit cards, the current credit card implementation is inherently insecure and far from convenient or efficient for cardholders, merchants, and card issuers.
For example, the wallet of a typical consumer may contain half a dozen or more magnetic stripe cards, including credit cards, each of which is associated with a different account. Since these credit cards have expiration dates, they need to be reissued from time to time. There exists a non-trivial cost associated with the issuance, updating, and/or renewal of the multiple credit cards for card issuers. For the cardholders, it is burdensome to carry and keep track of multiple credit cards. The burden is felt most acutely if, for example, the wallet is stolen and the cardholder must remember the cards that he or she possessed, and must find the contact information of the individual issuing banks in order to alert them, in a timely manner, to possible fraudulent use of the stolen or lost credit cards. The existence of multiple credit cards also complicates the process of replacing lost cards.
Furthermore, credit cards tend to be passive devices. In other words, the data that is printed on the card surface and embedded in the magnetic stripe of a credit card is fixed and cannot be changed without having the card reissued. Because the typical credit card is passive, the same data is designed to be furnished to different vendors and is employed by different vendors to facilitate different transactions at different times. For example, the same credit card information (e.g., credit card number, expiration date, cardholder's name, etc.) furnished to a bookstore today is also furnished to the grocery store next week to accomplish the purchase of books and groceries, respectively.
Given that the credit card information is in human-readable form on the card surface itself (typically comprising no more than a few dozen alphanumeric characters to represent the aforementioned credit card number, expiration date, cardholder's name, etc.), such credit card information is highly vulnerable to being read by another person nearby, thus potentially exposing the cardholder and issuing bank to fraud-related losses.
The fixed magnetic code pattern on the typical credit card is also inherently insecure. As mentioned, in a typical point-of-sale transaction (such as at the grocery store), the cardholder provides the merchant with the credit card information by either handing a clerk the credit card or by swiping the credit card through a card reader. This approach is inherently insecure because the magnetic code pattern, being a fixed pattern that is designed to be reused from transaction to transaction, can be easily stored and then cloned and/or copied onto a blank card by a dishonest merchant or sales clerk. Since the data pattern is fixed and intended to be reusable for different transactions, once the credit card information is stolen, the cloned card or copied card information can be used until the fraud is detected at some later time, typically by the cardholder upon receiving a large bill from the card issuer for items he did not purchase or, in some cases, by the card issuer's fraud detection software upon detecting unusual or suspicious patterns of transaction attempts.
Even if fraud is not involved, the magnetic stripes in today's credit cards are fragile and susceptible to damage. For example, cardholders have long experienced situations wherein their cards are inadvertently demagnetized by another credit card or a magnet or by a stray electromagnetic field.
As can be appreciated from the foregoing, today's magnetic stripe card implementations leave much room for improvement.