Hello jackham-ga,
Let's first look at the intricacies of credit cards, and then consider
the readers and machines that use them.
To find out the technical details behind credit cards and how they
work, I started at the HowStuffWorks.com website.
http://money.howstuffworks.com/credit-card.htm
DEFINITION:
First a general definition of a credit card:
"A credit card is a thin plastic card, usually 3-1/8 inches by 2-1/8
inches in size, that contains identification information such as a
signature or picture, and authorizes the person named on it to charge
purchases or services to his account -- charges for which he will be
billed periodically. Today, the information on the card is read by
automated teller machines (ATMs), store readers, and bank and Internet
computers."
http://money.howstuffworks.com/credit-card1.htm
CARD NUMBERING SCHEME:
Although phone companies, gas companies and department stores have
their own numbering systems, ANSI Standard X4.13-1983 is the system
used by most national credit-card systems.
Here are what some of the numbers stand for:
The first digit in your credit-card number signifies the system:
3 - travel/entertainment cards (such as American Express and Diners
Club)
4 - Visa
5 - MasterCard
6 - Discover Card
The structure of the card number varies by system. For example,
American Express card numbers start with 37; Carte Blanche and Diners
Club with 38.
American Express - Digits three and four are type and currency, digits
five through 11 are the account number, digits 12 through 14 are the
card number within the account and digit 15 is a check digit.
Visa - Digits two through six are the bank number, digits seven
through 12 or seven through 15 are the account number and digit 13 or
16 is a check digit.
MasterCard - Digits two and three, two through four, two through five
or two through six are the bank number (depending on whether digit two
is a 1, 2, 3 or other). The digits after the bank number up through
digit 15 are the account number, and digit 16 is a check digit.
http://money.howstuffworks.com/credit-card2.htm
MAGSTRIPE
The stripe on the back of a credit card is a magnetic stripe, often
called a magstripe. The magstripe is made up of tiny iron-based
magnetic particles in a plastic-like film. Each particle is really a
tiny bar magnet about 20-millionths of an inch long.
The magstripe can be "written" because the tiny bar magnets can be
magnetized in either a north or south pole direction. The magstripe on
the back of the card is very similar to a piece of cassette tape. A
magstripe reader (you may have seen one hooked to someone's PC at a
bazaar or fair) can understand the information on the three-track
stripe.
Information on the Stripe
There are three tracks on the magstripe. Each track is about one-tenth
of an inch wide. The ISO/IEC standard 7811, which is used by banks,
specifies:
Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity
bit read-only characters.
Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
Track three is 210 bpi, and holds 107 4-bit plus parity bit
characters.
Your credit card typically uses only tracks one and two. Track three
is a read/write track (which includes an encrypted PIN, country code,
currency units and amount authorized), but its usage is not
standardized among banks.
The information on track one is contained in two formats:
A, which is reserved for proprietary use of the card issuer, and B,
which includes the following:
Start sentinel - one character
Format code="B" - one character (alpha only)
Primary account number - up to 19 characters
Separator - one character
Country code - three characters
Name - two to 26 characters
Separator - one character
Expiration date or separator - four characters or one character
Discretionary data - enough characters to fill out maximum record
length (79 characters total)
End sentinel - one character
Longitudinal redundancy check (LRC) - one character
LRC is a form of computed check character.
The format for track two, developed by the banking industry, is as
follows:
Start sentinel - one character
Primary account number - up to 19 characters
Separator - one character
Country code - three characters
Expiration date or separator - four characters or one character
Discretionary data - enough characters to fill out maximum record
length (40 characters total)
LRC - one character
http://money.howstuffworks.com/credit-card3.htm
AUTHENTICATION
There are three basic methods for determining whether your credit card
will pay for what you're charging:
Merchants with few transactions each month do voice authentication
using a touch-tone phone.
Electronic data capture (EDC) magstripe-card swipe terminals are
becoming more common -- so is swiping your own card at the checkout.
Virtual terminals on the Internet
This is how it works: After you or the cashier swipes your credit card
through a reader, the EDC software at the point-of-sale (POS) terminal
dials a stored telephone number (using a modem) to call an acquirer.
An acquirer is an organization that collects credit-authentication
requests from merchants and provides the merchants with a payment
guarantee.
When the acquirer company gets the credit-card authentication request,
it checks the transaction for validity and the record on the magstripe
for:
Merchant ID
Valid card number
Expiration date
Credit-card limit
Card usage
Single dial-up transactions are processed at 1,200 to 2,400 bits per
second (bps), while direct Internet attachment uses much higher speeds
via this protocol. In this system, the cardholder enters a personal
identification number (PIN) using a keypad.
The PIN is not on the card -- it is encrypted (hidden in code) in a
database. (For example, before you get cash from an ATM, the ATM
encrypts the PIN and sends it to the database to see if there is a
match.) The PIN can be either in the bank's computers in an encrypted
form (as a cipher) or encrypted on the card itself. The transformation
used in this type of cryptography is called one-way. This means that
it's easy to compute a cipher given the bank's key and the customer's
PIN, but not computationally feasible to obtain the plain-text PIN
from the cipher, even if the key is known. This feature was designed
to protect the cardholder from being impersonated by someone who has
access to the bank's computer files.
Likewise, the communications between the ATM and the bank's central
computer are encrypted to prevent would-be thieves from tapping into
the phone lines, recording the signals sent to the ATM to authorize
the dispensing of cash and then feeding the same signals to the ATM to
trick it into unauthorized dispensing of cash.
http://money.howstuffworks.com/credit-card4.htm
For more technical details relating the ISO 7810, 7811, and 7813
Standards (those which govern card format/dimensions, stripe layout,
magnetic stripe data and character sets) the following link provides
all the specifics:
http://www.cyberd.co.uk/support/technotes/isocards.htm
Here is a great glossary of terms relating to Magnetic Stripes:
http://www.aimglobal.org/technologies/card/msglossary.htm
There is also an interesting discussion regarding coercivity of
magnetic stripes (related to the encoding process):
http://www.eltroncards.com/about/aboutcard5.htm
If you are interested in first-hand ISO documentation, they are
available for purchase on a per-standard basis:
ISO/IEC 7810:1995 - "Identification Cards -- Physical Characteristics"
http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=14715&ICS1=35&ICS2=240&ICS3=15
ISO/IEC 7811-1:2002 Identification cards -- Recording technique --
Part 1: Embossing (available in English only)
http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=31433&ICS1=35&ICS2=240&ICS3=15
ISO/IEC 7811-2:2001 Identification cards -- Recording technique --
Part 2: Magnetic stripe -- Low coercivity (available in English only)
http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=31440&ICS1=35&ICS2=240&ICS3=15
ISO/IEC 7811-6:2001 Identification cards -- Recording technique --
Part 6: Magnetic stripe -- High coercivity (available in English only)
http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=33228&ICS1=35&ICS2=240&ICS3=15
ISO/IEC 7813:2001 Identification cards -- Financial transaction
cards (available in English only)
http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=31441&ICS1=35&ICS2=240&ICS3=15
AUTOMATED TELLER MACHINES
Since a classic example of a magstripe reader is an ATM, it is worth
considering how it functions and interacts with other equipment.
HOW ATMs WORK:
An ATM is simply a data terminal with two input and four output
devices. Like any other data terminal, the ATM has to connect to, and
communicate through, a host processor. The host processor is analogous
to an Internet service provider (ISP) in that it is the gateway
through which all the various ATM networks become available to the
cardholder (the person wanting the cash).
Most host processors can support either leased-line or dial-up
machines. Leased-line machines connect directly to the host processor
through a four-wire, point-to-point, dedicated telephone line. Dial-up
ATMs connect to the host processor through a normal phone line using a
modem and a toll-free number, or through an Internet service provider
using a local access number dialed by modem.
Leased-line ATMs are preferred for very high-volume locations because
of their thru-put capability, and dial-up ATMs are preferred for
retail merchant locations where cost is a greater factor than
thru-put. The initial cost for a dial-up machine is less than half
that for a leased-line machine. The monthly operating costs for
dial-up are only a fraction of the costs for leased-line.
The host processor may be owned by a bank or financial institution, or
it may be owned by an independent service provider. Bank-owned
processors normally support only bank-owned machines, whereas the
independent processors support merchant-owned machines.
http://money.howstuffworks.com/atm2.htm
PARTS OF AN ATM:
You're probably one of the millions who has used an ATM. As you know,
an ATM has two input devices:
Card reader - The card reader captures the account information stored
on the magnetic stripe on the back of an ATM/debit or credit card. The
host processor uses this information to route the transaction to the
cardholder's bank.
Keypad - The keypad lets the cardholder tell the bank what kind of
transaction is required (cash withdrawal, balance inquiry, etc.) and
for what amount. Also, the bank requires the cardholder's personal
identification number (PIN) for verification. Federal law requires
that the PIN block be sent to the host processor in encrypted form.
And an ATM has four output devices:
Speaker - The speaker provides the cardholder with auditory feedback
when a key is pressed.
Display screen - The display screen prompts the cardholder through
each step of the transaction process. Leased-line machines commonly
use a monochrome or color CRT (cathode ray tube) display. Dial-up
machines commonly use a monochrome or color LCD.
Receipt printer - The receipt printer provides the cardholder with a
paper receipt of the transaction.
Cash dispenser - The heart of an ATM is the safe and cash-dispensing
mechanism. The entire bottom portion of most small ATMs is a safe that
contains the cash.
The cash-dispensing mechanism has an electric eye that counts each
bill as it exits the dispenser. The bill count and all of the
information pertaining to a particular transaction is recorded in a
journal. The journal information is printed out periodically and a
hard copy is maintained by the machine owner for two years. Whenever a
cardholder has a dispute about a transaction, he or she can ask for a
journal printout showing the transaction, and then contact the host
processor. If no one is available to provide the journal printout, the
cardholder needs to notify the bank or institution that issued the
card and fill out a form that will be faxed to the host processor. It
is the host processor's responsibility to resolve the dispute.
Besides the electric eye that counts each bill, the cash-dispensing
mechanism also has a sensor that evaluates the thickness of each bill.
If two bills are stuck together, then instead of being dispensed to
the cardholder they are diverted to a reject bin. The same thing
happens with a bill that is excessively worn, torn, or folded.
The number of reject bills is also recorded so that the machine owner
can be aware of the quality of bills that are being loaded into the
machine. A high reject rate would indicate a problem with the bills or
with the dispenser mechanism.
http://money.howstuffworks.com/atm3.htm
MAGNETIC CARD STRIPE READERS/WRITERS
As you know by know, the function of these devices are to
capture/change information being held in the tracks of a magnetic
stripe.
There is a great technical reference manual made available by MAGTEK
that discusses the technical aspects for card readers. Below is a
condensed version of the table of contents:
SECTION 1. DECODING READER OUTPUT
TRACK 1 DATA FORMAT
TRACKS 2 AND 3 DATA FORMAT
SECTION 2. ENCODING
TIMING
DATA
STROBE
CARD PRESENT
SECTION 3. LRC CALCULATION
SECTION 4. ERROR CHECKING
ERROR CHECKS BY A TYPICAL READER
ERROR CHECKING, TRACK 2, WITH AN INTEL 8751
INSERTION READERS
SECTION 5. BIDIRECTIONAL READING AND AMPLITUDE VARIATIONS
READING IN ONE DIRECTION VERSES BOTH DIRECTIONS
CARD READBACK AMPLITUDE VARIATIONS
APPENDIX A. APPLICATION NOTE - CHARACTER CONVERSION
TRACK 1 CHARACTER SET
TRACK 2 AND 3 CHARACTER SET
APPENDIX B. READ IC 21006516 SPEC SHEET
APPENDIX C. STANDARDS
http://www.magtek.com/documentation/public/99875148-4.pdf
As far as your question as to the 'best models available', this is
really dependant on your individual needs. However, after doing some
digging, I've been able to come up with the main criteria that
differentiate these devices:
Interface type - this related to how you want to use the information
captured by the reader. The most common are USB reader (which connect
to your PC/Mac and bring information into your computer) and kiosk
(can be placed within self-serve kiosks for interactions with users).
Embedded decoder - since the information coming from the card is not
immediately recognizable, it needs to be decoded. Some devices include
this decoder within the unit, and others do not. Depending on whether
or not information from the card is being interpreted and used for
interaction with the user immediately (without the assistance of other
equipment), this may or may not be necessary.
Supported Tracks - although magstripes have 3 tracks due to standards,
often only the first two are used. For this reason, some units read
only two tracks, wheras others can read all three.
Cards swipe/insertion - different models offer the choice of swiping
the card through a slot or inserting it into the device and having it
ejected back out (the insert type is more costly)
For quick access to companies offering this class of devices, refer to
this buyer's guide:
http://www.datacollectiononline.com/BuyersGuide/Companies.asp?CID=213740&CName=Magnetic+Stripe+Readers%2FWriters&NR=26&nPHCCompanyId=&VNETCOOKIE=NO
I've really enjoyed researching your question and hope that the answer
meets or exceeds your expectations. Should you have any questions
regarding the above infornation please post a clarification and I will
respond promptly :)
Cheers!
answerguru-ga |
