There are over one billion magnetic strip cards which are used as the basis of debit and credit financial transactions. These cards are being increasingly used in association with Personal Identification Numbers (PINs). Typically these PINs are encrypted in Electronic Funds Transfer (EFT) terminals using symmetric algorithms such as that specified in the Data Encryption Standard (DES). While much effort has gone into formulating security measures within these term experience has shown that the greatest security risk is associated with the computers which control the operation of these terminals. A fundamental property of algorithms such as the DES is that it is impossible to prove that a copy of the encryption key which has been used to encrypt the PIN and is under the control of the computer systems operator has not been obtained by some third party. Thus with current practice the magnetic strip image and the PIN can be recovered from the terminal transmission and the attacker is in a position to derive benefit from the card holders account until the funds are exhausted or a fraud is detected. Further frauds can be committed because these systems are forced to allow manual entry of card numbers as a result of the poor quality and reliability of magnetic strip encoding.
A further limitation of magnetic strip technology is the amount of information which can be encoded on the card particularly given the limitations imposed by the International Standards Organisation (ISO).
Yet another limitation of current practice is that PINs can not be safely stored in computer systems since the means to decrypt them into clear text is also usually present. This leads to a situation where all PIN driven transactions must be transmitted to a computer system which has the means of verifying the PIN validity in real time. Such computers must of necessity contain the means of producing apparently valid PINs. In a large scale international scheme deployment of such facilities in many countries is dangerous in that it may expose large banks to attack as a result of compromised facilities in foreign counties or cause problems for their card holders as a result of unreliable communications links.
The problem of card authentication is also serious in that data encoded on a magnetic strip card can be readily generated from data transmitted to the computer system. Thus the card issuer has no proof that the transaction was originated on the basis of the physical card, since it could have been generated from the data contained in a previous transaction.