Field of the Invention
The present invention relates to payment cards, and more particularly to emissive transmission of secret-key cryptograms, e.g., emissive electromagnetic stripe payment cards that have been preloaded with one or more secret-key use-once account numbers.
Description of Related Art
Conventional credit cards, debit cards, and other payment cards use a single account number that is open for all to see (and duplicate). Anyone that has held the card, read it, or otherwise managed to record the account number had little trouble in running charges up against the account. So merchants and banks started requiring identification, billing addresses, expiration dates, holograms, signature panels, and now security codes before completing a transaction. But loose enforcement of these measures has not really put much of an obstacle in the fraudsters' paths.
Use-once account numbers are an excellent way to control these types of fraud, but the use-once number needs to be magnetically readable by a legacy card reader or presented on a user display. These both require the inclusion of active electronics in the cards that raises the unit costs of the cards themselves and that often depend on batteries for their continued operation.
The technology required to put dynamic electromagnetic stripes on payment cards is very challenging. It would be desirable to have all the bits in every magnetic data track be programmable by the card itself so the use-once account numbers could be freely updated. But that requires magnetic device technology that does not exist, and the demands on the battery to support this mode are very high. Current magnetic device technology is further not up to the challenge of the high bit recording densities needed on track-1 of the typical payment card.
User account data is recorded on the electromagnetic stripes of conventional payment cards using industry-standard formats and encoding like ISO-7810, ISO-7811 (−1:6), and ISO-7813, available from American National Standards Institute (NYC, N.Y.). Such standards specify the physical characteristics of the cards, how to do the embossing, the electromagnetic stripe media characteristics for low-coercivity, the permissible locations for any embossed characters, the location of data tracks 1-3, any high-coercivity electromagnetic stripe media characteristics, etc.
A typical Track-1, as defined by the International Air Transport Association (IATA), as being seventy-nine alphanumeric 7-bit characters recorded at 210-bits-per-inch (bpi) with 7-bit encoding, Track-2, as defined by the American Bankers Association (ABA), is forty numeric characters at 75-bpi with 5-bit encoding, and Track-3 (ISO-4909) is typically one hundred and seven numeric characters at 210-bpi with 5-bit encoding. Each track includes starting and ending sentinels, and a longitudinal redundancy check character (LRC). The Track-1 format can include user primary account information, user name, expiration date, service code, and discretionary data. Conventional payment card magnetic tracks conform to the ISO/IEC Standards 7810, 7811-1-6, and 7813, and other formats.
The ISO 7810/7816 specifications and ABA/IATA stripe data fields describe a “discretionary field”, and “other data field” that can be used exclusively for the issuing bank. The discretionary fields can be used for status bits and other operators.
Authentication factors are pieces of information that can be used to authenticate or verify the identity of a cardholder. Two-factor authentication employs two different authentication factors to increase the level of security beyond what is possible with only one of the constituents. For example, one kind of authentication factor can be what-you-have, such as electromagnetic stripe credit card or the SIM card typical to many mobile devices and personal trusted device (PTD). The second authentication factor can be what-you-know, such as the PIN code that you enter at an ATM machine. Using more than one authentication factor is sometimes called “strong authentication” or “multi-factor authentication,” and generally requires the inclusion of at least one of a who-you-are or what-you-have authentication factor.
What is needed is a payment card that can magnetically provide use-once account numbers to legacy card readers.