Brother
As I already wrote, the magnetic card is alive only thanks to resuscitation efforts. Even in Africa they are being abandoned. But at one time there were interesting attempts to give them a new life. I want to tell you a little about them.
So if you have a credit card and you make a purchase on credit, the terminal will use the data from the first track. Accordingly, if the first track is damaged, the credit card operation will become impossible. But in all other cases (if the card is not a credit card), the first track is practically ignored altogether. At least if it is damaged on your card, with a very high probability you will still be able to pay with it.
Let me remind you that there are three tracks on the magnetic stripe of the card. Only the first two tracks are used in bank cards. And the second is more important if the card is not a credit card. For historical reasons. When this standard was being developed, the same tool (plastic card) was intended for two industries at once - for air carriers (and they used the first track) and for banks (which got the second track). Over time, cards became more common in the banking sector, and banks began to use the first track. It essentially contains a copy of the data from the second track plus the name and surname of the cardholder. This is why it was done. Firstly, the capacity of the first track is larger than the second, so it was only possible to place an additional name and surname on the first track. And secondly, when making a purchase on credit, it is necessary
Why is the third track needed?
In principle, there was a short period when an encrypted PIN was stored on the third track; this was used in offline ATMs. However, it ended pretty quickly. As soon as adequate communication technologies appeared, the offline mode disappeared from ATMs.
None of the global standards contain requirements for the content of the third track. There are industry standards, there are standards for card associations, there are standards for individual banks, but global standards are silent on this topic. Therefore, you can write on the third track whatever you want. They came up with it for future expansions, but the expansion followed a completely different scenario - the development of chip cards. Although how to say ... In the non-banking sector, it is quite possible that the third track was used somewhere, and maybe quite often. However, it was originally conceived to record a couple of additional accounts. The fact is that the card can be linked to several accounts at once. And on the third track you could store a couple of them (no longer included).
Visualization of the magnetic field of a plastic card. Judging by the density of information, track 1 is on top, and track 2 occupies most of the image. But in the title of the article, the card is upside down.
There were also such interesting thoughts.
It would be possible to record some dynamic data encrypted with a secret key on the third track. For example, date, sequential usage number, or something like that. And the terminal, for example, would read this data, calculate some new value (even if the same usage counter, which is also stored by the card issuer), encrypt the result, and then write it down to the third track.
Then, if an attacker steals the card data, it becomes impossible to use it - the data would be out of date.
But for this method, it is necessary that the terminal stores a secret key, the same as that of the issuer. This is possible only in one case - the terminal belongs to the same bank as the card. Because someone else's terminals cannot be trusted with a secret key, and they may not want to try for our sake.
There was also an idea to use asymmetric encryption (I will write about this topic in the near future).
In the case of a card with a magnetic stripe, it would be possible to keep the public key nearby along with the dynamic parameters of the card. The secret key is with the issuing bank. Then the terminal would simply take the key from the card, perform calculations, send it to the issuer, and write the new dynamic parameter back to the card, on the third track.
Asymmetric encryption uses a pair of keys, one of which is public and the other secret. The public key is used to encrypt the message. Now it can only be decrypted with a secret key. Therefore, the public key can and should be disclosed to anyone.
But, unfortunately, for acceptable reliability, the key must have a length of at least 128 bytes, and the third track fits only 107 characters ... Therefore, the trick did not work.
MagnePrint technology
If you remember, tape makes a little noise during playback. The fact is that its magnetic surface consists of many small magnets. Under the influence of the magnetic field of the recording, they change their position. Therefore, it turns out that on a magnetic film in some areas the magnets are predominantly oriented in one direction, in other areas - in the other. In full accordance with the signal that was used for recording. However, some of the magnets still remain in a chaotic state. This creates a kind of background magnetic field, noise when reading the signal. It is small, but it exists.
MasterCard came up with the idea of using this noise to uniquely identify the card. Noise cannot be faked, it is a unique characteristic of a piece of magnetic stripe. It was suggested that when a card is issued, its noise be read and then encoded into a sequence of 54 bytes. This value is stored in the database of the issuing bank. Special card readers that can read the noise of the card were developed by MagTek.
It turned out to be a good technology that protected cards from counterfeiting. But, unfortunately, it did not protect against another type of fraud. Yes, magnetic stripe noise is a unique characteristic of a particular card; a card cannot be faked. But this value is unchanged, it is sent every time along with the authorization request. And if you are the owner of a fraudulent outlet, then you can remember this value, and then make a new transaction when the client has left. And a transaction - for any amount, regardless of how much the client paid. Because the noise code is independent of any transaction data.
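The following is an added example, not part of the original post: a small Python model of the track-3 rolling counter described above, set beside a static, MagnePrint-style check, to show why a value that changes on every use defeats copied stripe data while a fixed value does not. The `Issuer` class, `seal` format, key, card number and noise code are all constructed for illustration, and the issuer and its own terminal are collapsed into one object because the post assumes they share the secret key.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: shared by the issuer and its own terminals

def seal(pan: str, counter: int) -> str:
    """Track-3 payload: usage counter plus a truncated HMAC binding it to the card."""
    msg = f"{pan}|{counter}".encode()
    tag = hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:16]
    return f"{counter}:{tag}"

class Issuer:
    def __init__(self):
        self.counters = {}      # pan -> counter the issuer expects next
        self.noise_codes = {}   # pan -> static stripe noise code stored at issuance

    def enroll(self, pan: str, noise_code: str) -> str:
        self.counters[pan] = 0
        self.noise_codes[pan] = noise_code
        return seal(pan, 0)     # initial track-3 contents

    def authorize_dynamic(self, pan: str, track3: str):
        """Accept only the current counter with a valid tag, then roll it forward."""
        if not hmac.compare_digest(track3, seal(pan, self.counters[pan])):
            return None         # stale copy or forged value
        self.counters[pan] += 1
        return seal(pan, self.counters[pan])  # terminal writes this back to track 3

    def authorize_static(self, pan: str, noise_code: str, amount: int) -> bool:
        """Static check: the value never changes and is not tied to the amount."""
        return hmac.compare_digest(noise_code, self.noise_codes[pan])

def demo():
    issuer = Issuer()
    pan, noise = "0000000000000000", "constructed-noise-code"  # constructed values
    track3 = issuer.enroll(pan, noise)
    copied = track3                                  # stripe contents copied earlier
    track3 = issuer.authorize_dynamic(pan, track3)   # genuine use rewrites track 3
    stale = issuer.authorize_dynamic(pan, copied)    # the copy is now out of date
    genuine_again = issuer.authorize_dynamic(pan, track3)
    static_ok = issuer.authorize_static(pan, noise, amount=1)
    static_any = issuer.authorize_static(pan, noise, amount=9999)
    return stale is None, genuine_again is not None, static_ok and static_any

if __name__ == "__main__":
    print(demo())
```

The static check passes for both amounts because nothing in it depends on the transaction, which is the gap the last paragraph describes; an issuer closing it would need the authenticated value to cover per-transaction data such as the amount and a counter.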