|
Vendor Accent
Know Your Card
Sabyasachi Chatterjee examines the ways in which credit
cards are and can be secured.
 Credit
cards have become so much a part of our life, that we hardly give it a second
thought before using it. However large operations involving multiple stakeholders,
networks and infrastructure make this card a reality. This article will focus
specifically on the actual card that resides in our wallets.
The concept of credit is even older than money itself, however
the first general purpose credit cards appeared only in 1950. Before that in
the early part of the 20th century stores and gas stations in US used to issue
charge cards to customers. This was a type of credit card that could be used
in the specific store issuing the card. These were not general purpose credit
cards, but limited to a particular store. In the fall of 1949 Frank X McNamara,
head of the Hamilton Credit Corporation, had gone out for dinner with two of
his friends. After dinner when McNamara reached for his wallet to pay the bill
he was shocked to find that he had left it at home. His wife had to be called
to come to his rescue.
This prompted McNamara to think of a solution to avoid such
embarrassments in future. The idea of a general purpose credit card took shape
and in 1950 the Diner’s club was formed. The Diners Club was going to be
a middleman. Instead of individual companies offering credit to their own customers,
the Diners Club was going to offer credit to individuals for many companies
(then bill the customers and pay the companies). Previously, stores would make
money with their credit cards by keeping customers loyal to their particular
store, thus increasing sales. With Diner Club, the companies who accepted the
Diners Club credit card were charged per transaction percentage fee while the
subscribers to the credit card were charged an annual fee.
The first Diners Club credit cards were given out in 1950 and accepted by a
few restaurants in New York. The cards were not made of plastic; instead, the
first Diners Club credit cards were made of a paper stock with the accepting
locations printed on the back. In the beginning, progress was difficult. Merchants
didn’t want to pay the Diners Club’s fee and didn’t want competition
for their own store cards; while customers didn’t want to sign up and pay
an annual fee unless there were a large number of merchants that accepted the
card. However, the concept of the card gradually caught on and both merchants
and consumers grew in number. The growth of the card remained abated and American
Express and the Bank Americard (later called VISA) started business in 1958.
They were later joined by MasterCard. The concept of a universal credit card
had taken root and quickly spread across the world.
| 0 |
ISO/TC 68 and other industry assignments |
| 1 |
Airlines |
| 2 |
Airlines and other industry assignments |
| 3 |
Travel and entertainment |
| 4 |
Banking and financial |
| 5 |
Banking and financial |
| 6 |
Merchandizing and banking |
| 7 |
Petroleum |
| 8 |
Telecommunications and other industry assignments |
| 9 |
National assignment |
| Brand |
Prefix |
| Visa |
4 |
| Master Card |
51-55 |
| Discover |
6011, 65 |
| American Express |
34, 37 |
Today’s general purpose credit cards with which all of us are familiar
is made of plastic, and has a magnetic stripe at the back for carrying information.
Let us look at the anatomy of this card in more details. All the aspects of
the cards are guided by the ISO standards 7800, 7811 and 7813. Standardization
ensures that any credit card can be used at any location equipped with a standard
infrastructure for reading credit cards.
The PAN, validity period and name are embossed on the card
so that an impression of the card can be taken where a magnetic stripe reader
is not available. The hologram is a three dimensional image which appears to
move and is a protection against counterfeit cards. The ‘Permanent Account
Number (PAN)’ uniquely identifies the card. The maximum size of the PAN
is 19 digits, the first 6 digit of which identifies the bank which has issued
the card. This is called the Issuer Identification Number (IIN) or the Bank
Identification Number (BIN). The first digit of the PAN is the major industry
identifier (MII) and represents the issuer category. The first few digits further
identify the brand or the service provider.
| |
| PAN Digits |
5 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
0 |
1 |
2 |
3 |
4 |
5 |
| Alternate |
x2 |
|
x2 |
|
x2 |
|
x2 |
|
x2 |
|
x2 |
|
x2 |
|
x2 |
|
| digits doble |
10 |
1 |
4 |
3 |
8 |
5 |
12 |
7 |
16 |
9 |
0 |
1 |
4 |
3 |
8 |
5 |
| Substract 9 if |
-9 |
|
|
|
|
|
-9 |
|
-9 |
|
|
|
|
|
|
|
| more than 9 |
1 |
1 |
4 |
3 |
8 |
5 |
3 |
7 |
7 |
9 |
0 |
1 |
4 |
3 |
8 |
5 |
| Add All Digits |
1+1+4+3+8+5+3+7+7+9+0+1+4+3+8+5=69 |
| Check |
As 69 is not divisible by 10 this is
NOT a valid card number |
The PAN, also has to satisfy the Luhn algorithm (Modulu 10 Check). The last
digit of the PAN is the check digit. This is how it works
- Starting from the digit next to the last digit i.e.
the check digit, double every alternate digit
- If the result is greater than 9 then subtract 9
from it.
- Keep the odd digits as it is.
- Add all the digits thus obtained
The result should be divisible by 10 for this to be valid card number.
For example consider the credit card number 5123 4567 8901
2345. Starting digit MII is 5 so this is banking and financial card. 51 further
identify it as a Master card. The first 6 digits 512345 uniquely identify the
issuer and are the IIN. The next 9 digits 678901234 identify the particular
account and the last digit ‘5’ is the check digit. Let us apply the
Luhn algorithm to this number.
The Luhn check serves two important functions
- It checks fraud by validating the number.
- It protects against accidental typing error while
entering card numbers
The credit card data is stored in the magnetic stripe (magstripe) which is located
at the back of the card. The magstripe is made up of tiny iron-based magnetic
particles in a plastic-like film. Each particle is really a very tiny bar magnet
about 20 millionths of an inch long. The magstripe can be “written”
because the tiny bar magnets can be magnetized in either a north or South Pole
direction. The magstripe on the back of the card is very similar to a piece
of cassette tape fastened to the back of a card. As we “swipe” the
credit card through a reader these small magnets are read by the reader and
the information decoded.
The magnetic stripe at the back of the card can contain three data tracks. Credit
card data is stored in Track 1 and Track 2. Most of the POS readers read the
Track 2 data, however the same data with additional information is present in
Track 1 also. Track 3 is normally not used for credit cards.
Explanations:
- SS – Start Sentinel
- ES – End Sentinel
- FC – Format Code
- FS – Field Separator
- LRC - Longitudinal Redundancy Check
- SVC – Service Code
Pin Verification Key Indicator (PVKI.) Pin Verification Value
(PVV), Card Verification Value (CVV) or Card Verification Code (CVC) may optionally
be present. All of these are in encrypted form and act as security features
to help reduce fraud.
| Developed by IATA, 210 Bits per inch,
7 bits per character (6 data + 1 parity) |
| SS |
FC |
PAN |
FS |
Name |
FS |
Additional Data |
Discretionary Data |
ES |
LRC |
| % |
B |
19 N |
|
26 AN |
|
Exp. Date (YYMM), SVC |
PVKI, PVV, CVV/CVC |
? |
|
| 79 Alphanumeric Characters |
| Developed by ABA, 75 Bits per inch,
5 bits per character (4 data + 1 parity) |
| SS |
FS |
PAN |
FS |
Additional Data |
Discretionary Data |
ES |
LRC |
| ; |
= |
19 N |
= |
Exp. Data (YYMM), SVC |
PVKI, PVV, CVV/CVC |
? |
|
| 40 Numeric Characters |
To combat fraud and reduce counterfeit cards there are many more features included
in the cards, for example diagonally printed words on the signature panel at
the back, letters printed with ultra violet ink etc. A very useful feature is
the security code, mainly used for card not present transaction i.e. purchase
over the web or phone where the card is physically not present. This is a 3
or 4 digit number printed (not embossed) on the card, which is used to validate
a transaction. As this is not embossed and does not form part of the magnetic
stripe information it is not stored anywhere and does not appear on receipts.
Security is provided by the fact that only the person in possession of the card
is aware of the number. Various service providers place this number on different
parts of the card and have different names (CVV2, CVC2, CID), as shown in the
figure above.
Though I have focused on credit cards, the other types of
cards - debit card, pre-paid cards, gift cards, loyalty cards, co-branded cards
etc have similar card technology though behind the scene the business aspect
varies. Magnetic stripe cards have been around for a long time now, and newer
replacements like smart cards, contactless cards, RFID fobs, NFC enable devices
have already arrived. These aim to provide reduced risk of skimming (copying
the magnetic stripe information), increased data storage, greater convenience,
value added features, better security etc. However with the huge installed base
of magnetic stripe credit cards and the associated point of sale equipment for
reading the same, the days of magnetic stripe credit cards are far from over.
The author is the Technology Head of RS Software
sabyasachic@rssoftware.co.in
|
