The United States primarily relies upon static magnetic stripe credit and debit cards that are readable by a magnetic stripe card reader. The US payment cards have no electronics embedded within the card body and no microprocessors. To a limited extent, less than 5% of terminals read contractless cards, which provide magnetic stripe data that is communicated contactlessly using 14443 protocol. Outside the United States, many countries rely upon EMV (Europay MasterCard, Visa) cards using a secure microprocessor in combination with static magnetic stripe data so they are readable by EMV chipt card readers as well as magnetic stripe readers. While EMV standard chip readers provide a higher level of security, the static magnetic stripe cards are Each option has its advantages and disadvantages, and there are many reasons why both cards currently exist.
Since the 1960's debit, credit, charge and payment cards have been inanimate pieces of plastic. Cardholders are identified by a primary account number, expiration date and other cardholder service codes, verification codes and discretionary data, all of which is encorded on the magnetic stripe data packet on the back of the card along with three to four static security number known as CVC 2, CVId2, CVV2, which are adjacent to the signature panel on the back of the card. Cardholders are identified on the front of the card by their name along with an account number viewable on the front of the card, the expiration data of the card and possibly information about the network on which the payment card operates.
The magnetic stripe data contains static cardholder data that can be read by magstripe readers, the terminals used by merchants at the point of sale (“POS”). When a merchant swipes a card, a magnetic head reads the static and then transmits the data to the issuing bank with an authorization request. “Track 1” data on the magstripe typically contains the customer's name, account number, expiration date, and a “discretionary data” field to be used by the issuing bank. “Track 2” data contains the account number, expiration date, and another “discretionary data” field, all of which must fit within approximately 40 digits of space. Until recently, the majority of banks used only Track 2 data for their payment card transactions.
The security issue facing magnetic stripe payment cards. Any individual who obtains the Track 1 and Track 2 account information and the printed security code has all the information that he needs to manufacture a counterfeit card. Once gained whether through security breaches at the terminal level or through skimming devices, the compromised magnetic stripe data can be reused by fraudsters who encode the data on counterfeit plastics. It is estimated that transaction fraud from skimming, data breaches costs the issuing banks (and ultimately the cardholders) many billions of dollars a year.
Outside of the US, payment card fraud is being addressed by EMV (Europay, MasterCard Visa) cards that use a microprocessor readable by EMV chip readers. EMVCo sets the protocols and approval processes for EMV terminals and the EMV microprocessors that are embedded in the EMV chip cards. The EMV cards are more difficult to duplicate than conventional cards due to the security features of the microprocessors.
EMV cards provide many benefits, however when presented at conventional magnetic stripe POS terminal readers, the EMV chip is not used and the conventional static magnetic stripe data packet is read. To achieve the benefits of the EMV cards, it is required that the new EMV chip terminals be installed at the merchant. Accordingly it is only when there is wholesale replacement of the existing POS magnetic stripe terminals that EMV chip cards can deliver the full benefit of fraud prevention. This “re-terminalization” is essential to widespread smart card adoption and is a burdensome expense to merchants who must change both their terminals and their back-end IT infrastructure.
MasterCard and Visa accelerated smart card adoption in Europe, Malaysia, Singapore and other territories through what is known as “liability shift.” In the United States, a POS merchant is not liable for loss when a fraudulent card is used in a “card present” transaction, so long as the merchant properly obtains a “personal identification number” (“PIN”) or a signature and obtains authorization from the issuing bank. If the issuing bank approves a transaction made with a fraudulent card re-using static magnetic stipe data, the issuing bank absorbs that loss. Conversely, in countries with “liability shifts”, the issuing banks is mandated to distribute EMV compliant payment cards, and it is the merchant that bears the fraud loss unless he has invested in an EMV compliant card terminal, even if the merchant accepts a fraudulent card. Shifting the fraud loss to the merchant gives the merchant a strong incentive to invest in the new EMV complaint terminals.
Although MasterCard and Visa have attempted to to introduce EMV cards in the United States, they have not enjoyed success. In considerable part, this is due to the enormous cost of merchant re-terminalization and updates to the IT processing platform, estimated to be in the vicinity of $12-13 billion. Because MasterCard and Visa have been unable to shift the fraud loss to merchants, those merchants lack the economic incentive to invest in EMV terminals and issuers only issue EMV cards for the limited segment of their portfolios that are used outside of the US.
As a result, the American payment card market did not respond to increasing multibillion-dollar fraud payment card transaction through the widespread adoption of EMV cards.
The present invention was created to reduce payment card fraud by ensuring transaction-specific data could be used to authenticate a cardholder through authorization and could be readable by the existing legacy system of magstripe readers and transaction networks. The inventors understand that EMV cards would be adopted slowly if at all in the US, which creates a compelling need to make the legacy system itself more secure.
The present invention enables the magnetic stripe card itself to become the center of innovation. Re-terminalization is unnecessary because data is received from the card in the traditional format. The present invention ensures transaction-specific magnetic stripe data can be read universally by all legacy magnetic stripe terminals.
It has long been desired to create a single card usable both inside the United States with magnetic stripe readers and outside the United States with smart card readers that offers the advantages of both cards while minimizing the disadvantages of both cards. Such a card not only has the promise of saving billions of dollars a year in fraud, but it also has the promise of opening many other uses for the card, and generating enormous savings related to combining multiple cards into a single card. Yet, to date, it does not exist.
The prior art includes many patents that propose just such a card, but none has yet been commercialized. Given the long felt need for such a card, and the enormity of the problems it could solve, and the attempts by a great many to solve the problems associated with creating such a card, one has to ask why such a card is not yet available. The reasons are many. Cost and manufacturability are two primary reasons why such a card has not yet been commercialized, but there are other reasons as well. The present invention recognizes and solves a problem that has prevented electronic smart cards from providing transaction-specific magnetic stripe data packet which is consistently readable by magnetic stripe card readers.