Reading data from the magnetic stripes on credit and debit cards has primarily been performed by swiping the magnetic stripe against reader heads of a magnetic stripe reader (MSR). The data contained in the magnetic stripe is encoded in discrete tracks (channels) whose content and format are mutually incompatible. The movement of the card causes the fields produced by magnetic domains contained in the stripe to induce voltages in the MSR's read heads. An MSR is capable of reading the data from one or more tracks/channels, and includes a read head for each channel that will be read. The MSR reads the data encoded in a track by converting a sequence of voltages induced in a channel's read head into a series of binary bits. The tracks are spaced closely to each other, so each read head is precisely lined up with a corresponding track of the magnetic stripe.
A typical magnetic stripe with its tracks is described with reference to FIG. 1. As illustrated, there are three tracks of data (labeled as 101, 102, and 103), which are encoded in the magnetic stripe 11. On a standard credit/debit card, the magnetic stripe is located 0.223 inches (5.66 mm) from the edge of the card. A width 111 of each of the three tracks is 0.110 inches (2.79 mm). Each track conforms to a different encoding standard 112. The standard 112 corresponding to a track specifies the respective track's recording density 113 and character configuration 114 (in terms of bits-per-character and character type). Each track may contain a different number of characters (Information Content 115), with the maximum number of characters in each track specified in the corresponding standard 112.
The format of Track 1 101 was specified in a standard 112a developed by the International Air Transaction Association (IATA) for the automation of airline ticketing or other transactions where a reservation database is accessed. Track 1 101 typically has a recording density 113a of 210 bits per inch (8.27 bits per mm). The character configuration 114a of Track 1 101 is 7-bit alphanumeric characters. The information content 115a (including control characters) is limited to a maximum of 79 characters.
The format of Track 2 102 was specified in a standard 112b developed by the American Bankers Association (ABA) for the automation of financial transactions. Track 2 information is also used by most systems that require an identification number and other control information. Track 2 102 typically has a recording density 113b of 75 bits per inch (2.95 bits per mm). The character configuration 114b of Track 2 102 is 5-bit numeric characters (plus 5-bit control characters). The information content 115b (including control characters) is limited to a maximum of 40 characters.
The format of Track 3 103 is specified by a standard 112c developed by the Thrift-Savings industry. Track 3 103 typically has a recording density 113c of 210 bits per inch (8.27 bits per mm). The character configuration 114c of Track 3 103 is 5-bit numeric characters (plus 5-bit control characters). The information content 115c (including control characters) is limited to a maximum of 107 characters. Track 3 103 is unused by many of the major worldwide financial networks, and sometimes is not even physically present on a card, allowing for a narrower magnetic stripe. However, Track 3 103 is used in certain places, e.g. China, typically as an alternative to Track 2 102.
FIG. 2 illustrates an example data structure stored on Track 1 101 of a payment card. Track 101 may include the following fields (in this order):
SS|FC|PAN|FS|Name|FS|Additional Data|Discretionary Data|ES|LRC.
The data structure of Track 1 comprises a one-character Start Sentinel (SS) 210 and a one-character End Sentinel 226, with up to 76 data characters (211) in-between. The Start Sentinel (SS) 210 and the End Sentinel 226 are “control” characters specified by the track standard 112a. The data characters 211 may also include control characters, such as characters that delimit between fields. An example of a control character included within the data sequence 211 is a Field Separator 216.
The one-character Start Sentinel (SS) 210 indicates the beginning of the data structure and consists of a “%” character. A one-character Format Code (FC) 212 is an alphabetic-only (A-to-Z) character and indicates the card type. A Primary Account Number (PAN) field 214 comprises the credit/debit card number, is always numerical, and contains up to 19 digits. The one-character Field Separators (FS) 216a and 216b delimit different fields and each consists of a “{circumflex over ( )}” character. A Name field 218 corresponds to the name of a particular card account holder, and consists of two-to-twenty-six character alphanumeric characters. If the Name field 218 is not used, it may be replaced with a blank-space character followed by a “/” character.
An Additional Data field 222 typically includes up to seven numbers. Four of the numbers may indicate an expiration date of the card in a YYMM format. If the date field information is not included, another field separator 216 may be included instead. Three of the numbers of the Additional Data field 222 may be a three-character service code relating to the types of charges that may be accepted. If the service code field is omitted, another field separator 216 may be included instead.
A Discretionary Data field 224 includes data used for card verification information. Examples of the discretionary data include a one-character PIN Verification Key Indicator (PVKI), a four-character PIN Verification Value (PVV) or Offset, and a three-character Card Verification Value (CVV) or Card Validation Code (CVC). The one-character End Sentinel (ES) 226 indicates an end of the data structure and consists of a “?” character. A one-character Longitude Redundancy Check (LRC) 228 is included at the end of the data structure to provide verification that Track 1 101 was accurately read by the MSR.
FIG. 3 illustrates an example data structure stored on Track 2 102. Track 2 102 may include the following fields (in this order):
SS|PAN|FS|Additional Data|Discretionary Data|ES|LRC.
The data structure of Track 2 comprises a one-character Start Sentinel (SS) 310 and a one-character End Sentinel 326, with up to 37 data characters (311) in-between. The Start Sentinel (SS) 310 and the End Sentinel 326 are “control” characters specified by the track standard 112b. The data characters 311 may also include control characters, such as characters that delimit between fields. An example of a control character included within the data sequence 311 is a Field Separator 316.
The one-character Start Sentinel (SS) 310 indicates the beginning of the data structure and consists of a “;” character. A Primary Account Number (PAN) field 314 is similar to the PAN 214 in Track 1. The PAN field 314 comprises the credit/debit card number, is always numerical, and contains up to 19 digits. The one-character Field Separator (FS) 316 consists of a “=” character. The Additional Data field 322 is similar to the Additional Data field 222 in Track 1 101, and may include the expiration date field and the service code field, with a Field Separator (FS) 316 substituted if a field is omitted. A Discretionary Data field 324 includes data like that described in connection with the Discretionary Data field 224 in Track 1 101. The one-character End Sentinel (ES) 326 indicates an end of the data structure and consists of a “?” character. A one-character Longitude Redundancy Check (LRC) 328 is included at the end of the data structure to provide verification that Track 2 102 was accurately read by the MSR.
FIG. 4 illustrates an example data structure stored on Track 3 103. Track 3 103 may include the following fields (in this order):
SS|FC|PAN|FS|Use and Security Data|Additional Data|ES|LRC.
The data structure of Track 3 comprises a one-character Start Sentinel (SS) 410 and a one-character End Sentinel 426, with up to 104 data characters (411) in-between. The Start Sentinel (SS) 410 and the End Sentinel 426 are “control” characters specified by the track standard 112c. The data characters 411 may also include control characters, such as characters that delimit between fields. An example of a control character included within the data sequence 411 is a Field Separator 416.
The one-character Start Sentinel (SS) 410 indicates the beginning of the data structure and consists of a “;” character. A two-digit Format Code (FC) 212 is numeric-only (00-to-99). A Primary Account Number (PAN) field 414 is similar to the PAN fields 214 and 314, containing up to 19 digits. The one-character Field Separator (FS) 416 consists of a “=” character. A Use and Security Data field 420 includes a variety of sub-fields related to currency types, payment limits, payment cycles, and card security. Sub-fields that are omitted may be replaced with a Field Separator (FS) 416.
An Additional Data field 422 may include fields indicating optional subsidiary account numbers, a digit relay marker field, a six digit crypto check field containing a validation value used to verify the integrity of Track 3 content, and various additional data. Field Separators (FS) 416 may be placed between subfields, and substituted for sub-fields such as the crypto-check data field if omitted. The one-character End Sentinel (ES) 426 indicates an end of the data structure and consists of a “?” character. A one-character Longitude Redundancy Check (LRC) 428 is included at the end of the data structure to provide verification that Track 3 103 was accurately read by the MSR.
FIG. 5 illustrates a typical structural arrangement of MSR read heads 500, including a Track 1 read head 501 and a Track 2 read head 502. Such dual-head arrangements are commonly used in Point-Of-Sale (POS) terminals to read credit and debit cards. In operation, the stripe 11 is inserted into a slot in a housing of the POS terminal (not illustrated) and is swiped or passed by the two read heads 501/502 in a Magnetic Stripe Reader (MSR) component of the POS. As the magnetic stripe 11 passes by the heads, the first read head 501 is used to read the data stored in Track 1 101 and the second read head 502 is used to read the data stored in Track 2 102. Software typically installed in the POS terminal processes the data received from the MSR. Depending upon the depth of the slot and the spacing between the heads 501 and 502, dual-head MSRs can be configured to read other track combinations, such as reading Track 1 101 and Track 3 103, or reading Track 2 102 and Track 3 103. POS terminals with three read heads are able to read all three tracks of the stripe 11, but are less common than dual-head configurations.
Disadvantageously, the data on the magnetic stripe 11 of a conventional credit or debit card is static and subject to copying and fraud. In recent years, to reduce the fraud associated with static magnetic stripe cards, electronic cards and contactless payment methods have been developed. Electronic cards and contactless methods allow the data that is provided to a POS terminal to be dynamically modified, making such approaches less susceptible to copying fraud than conventional magnetic stripe payment cards.
An example of a contactless method uses Near-Field Communications (NFC). NFC employs electromagnetic induction between a loop antenna in a handheld device and a loop antenna in a POS terminal to exchange information. In order to be compatible with contactless methods like NFC, each POS terminals must include the needed loop antenna and receiver.
Another example of a contactless method uses an inductive loop to interact directly with the magnetic read heads (e.g., 501, 502) of the MSR. As a result, the POS terminal does not require any special capabilities. For example, the POS terminal is not required to have a Near-Field Communication (NFC) receiver. Instead, a magnetic stripe simulating device is held in close proximity to the MSR of a POS terminal and emits a sequence of magnetic pulses. The simulating device generates the pulse sequence by applying a time-modulated alternating current to an inductive loop. The alternating current that is applied to the loop induces the magnetic field received by the magnetic read heads (e.g., 501, 502) of the MSR. Typically, the inductive loop needs to be within approximately three inches (7.6 cm) of the read heads. The field generated by the loop dissipates rapidly beyond that point, which helps prevent the pulse sequence from being picked up by eavesdropping devices.
With conventional magnetic stripes, the fields generated by the magnetic domains that correspond to the data in each track are narrow and confined to the reading aperture of the corresponding read-head channel. For example, the influence of the field generated by Track 1 101 is confined to the read head 501, and the field generated by Track 2 102 is confined to the read head 502.
In comparison, the electronically-simulated magnetic stripes in electronic cards and the inductive-loop magnetic field transmissions to MSRs both produce wider fields than conventional magnetic stripes, resulting in the magnetic fields leaking into the pick-up channel(s) of adjacent track(s). Because the different tracks' data are encoded differently and are mutually incompatible, the leakage of a specific track's magnetic fields into an adjacent track's read head can cause reading errors. For example, if the magnetic field sequence corresponding to the higher density seven-bit characters of Track 1 101 leaks into the Track 2 read head 502, the data parsing software that was expecting the five-bit characters of Track 2 102 may indicate an error. Conversely, when Track 2 102 data leaks into Track 1 read channel, the encoded data and the LRC may be incorrectly decoded.
Because of the close proximity of the tracks in a standard card stripe 11 and because of a lack of standardization among card readers, it is difficult to prevent the cross-channel leakage of track data between adjacent channels. Cross-channel leakage is particularly problematic when using an inductive loop to interact directly with the magnetic read heads, since the emitted field necessarily interacts with more than one read head. While the POS terminal decoder software is designed to accommodate relatively minor track noise, such as the noise generated by scratches and small defects in the magnetic stripe 11, the decoder software can be easily overwhelmed by the substantial errors caused by cross-channel leakage. Unable to handle these exception conditions, the POS terminal will terminate the transaction and/or display an error message that can confuse customers and terminal operators.