L.A. 2600

Thanks to enigma over at netninja.com for originally writing this report.

Enigma's 2600 Report
August 1996: Magnetic Credit Cards

Welcome to the first issue of this...paper 'zine...article...flyer...I don't even know what it is. Anyway, after getting back from DefCon, I've gotten all psyched up on the teaching aspects of hacking, so I am going to try my best to make these little flyers every month and distribute them at the L.A. 2600 meeting and on my web site. Who knows? Maybe they will become really popular, or maybe they will go the way of most e-zines: I'll get tired of them in a few months and quit.

DefCon IV Caravan Recap
http://www.netninja.com/caravan/recap.html
With this report, I am not trying to uncover new, unexplored territory on the hacking frontier. I am just trying to relay some important information from reliable sources that might be of use to information and security specialists. The usual disclaimers apply...this information is presented for informational purposes only, to better your understanding of the way the world works. It is not intended for illegal activities; and if it is used for illegal activities (and you get caught) I take absolutely no responsibility.

This month: the format of credit cards. I have heard from so many people that a million different things are stored on the magnetic strip on your credit cards and ATM cards. Everything from your account number, to your name, to your current balance. This paper is intended to dispel some of these myths. The following information is publicly available...

First off, I really have to apologize for the look of these two pages. I scanned them in from a not-too-clear source, so they looked rather blurry. Then, I used Photoshop to re-write some of the text to make it more readable. I left the underlying text to make the document seem less "doctored," but the combination of the underlying (blurry) text and the computer-added text makes things a little nasty.

Anyway, check below for the HTML transcriptions.

Magtek specs pt. 1 | Magtek specs pt. 2
Page 1 in HTML format | Page 2 in HTML format

The magnetic stripe layout for the Financial Transaction Card (FTC) is shown on the second page. Track 2 is the primary recording for FTC use. The PAN, or Primary Account Number, is the definitive identifying number for both the card issuer and the card holder. The PAN for interchange of cards consists of the following:

 1 digit    Industry code for the issuer
 5 digits   Issuer identification
12 digits   Customer identification number
 1 digit    Check digit for the customer account number
---------
19 digits   total

The Track 2 content and purpose are as follows:

Primary Account Number
(19 digits maximum): Identifies the issuer industry, the issuer, and the user identification number, with the latter having a one-digit check value.
Expiration date
(4 digits in year/month format): The date after which the card will not be accepted unless approved by an authorization transaction.
Offset or PIN parameter
(Optional 5 digits maximum): This data allows a local PIN value check without issuer database access when the PIN value is checkable against other information such as the customer primary account number. [Enigma's note: It's important that you understand this...it is NOT the plain-text or even encrypted PIN number of the account. At one time, in the past, your PIN number was based on a mathematical extrapolation of your account number. You couldn't change it. Today, you get to pick your own number, making this field obsolete for its original purpose. The PIN is not available from the mag strip. I was not able to find the specifics on such short notice, but from what I recall, the 4-digit PIN number that you enter at a keypad is mathematically hashed with either the data in this field, or with a value supplied in real-time from the bank. The result is then sent to the bank for authorization. Sorry. You can't "read" a PIN number from the card.]
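The field layout above, worked through in code. This is an added example, not part of Enigma's report or the Magtek pages. The `;`, `=` and `?` framing characters and the Luhn (mod 10) check-digit rule come from ISO/IEC 7813 and 7812 rather than from this page, and the sample track string is constructed.

```python
import re

# Framing is an assumption from ISO/IEC 7813 track 2 encoding, not from the
# page: ';' start sentinel, '=' field separator, '?' end sentinel.
TRACK2 = re.compile(r"^;(\d{8,19})=(\d{2})(\d{2})(\d*)\?$")

# Constructed sample, not a real card: 19-digit PAN, expiry 9912, no extra data.
SAMPLE = ";9999990000000000014=9912?"


def luhn_ok(pan: str) -> bool:
    """Validate the PAN's trailing check digit with the Luhn (mod 10) rule."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def parse_track2(raw: str) -> dict:
    """Split a track 2 string into the fields the page lists."""
    m = TRACK2.match(raw.strip())
    if m is None:
        raise ValueError("not a well-formed track 2 string")
    pan, yy, mm, rest = m.groups()
    if not 1 <= int(mm) <= 12:
        raise ValueError("expiration month out of range")
    return {
        "industry": pan[0],        # 1 digit: industry code for the issuer
        "issuer": pan[1:6],        # 5 digits: issuer identification
        "customer": pan[6:-1],     # up to 12 digits: customer identification
        "check_digit": pan[-1],    # 1 digit: check digit
        "check_ok": luhn_ok(pan),  # Luhn is computed over the whole PAN
        "expires": (yy, mm),       # year/month order, as on the page
        "rest": rest,              # anything after the expiry, uninterpreted
    }


if __name__ == "__main__":
    print(parse_track2(SAMPLE))
```

Nothing in the parsed result is a name, a balance, or a PIN: the stripe yields only the account number, the expiry, and whatever short numeric data follows it.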

*021206202207261318131726--0822132314222214261815*

Very Cool (Uber-31337) U.S. Patent Lookup Site
http://sunsite.unc.edu/patents/intropat.html
Try checking for Electronics, Computing, Class 902: Electronic Funds Transfer, Sub Code 27: Magnetic Encoding

CalTrans real-time traffic info voicemail system
800/427-7623
Enter: freeway #, followed by pound sign (#)

Further Reading
"Smart Cards: The New Bank Cards" by Jerome Svigals, MacMillan Publishing Company, (c)1987. ISBN 0-02-948901-6
ISO documents: 3885/00 (The Physical Card), 3885/10 (recording technique, embossing), 3885/11 (recording technique, magnetic), 3885/30 (location of read-only magnetic tracks (tracks 1 & 2)), 3885/40 (location of read-write magnetic track), 3885/70 (numbering system and registration procedure for issuer identifiers), 3885/80 (financial transaction card, track 1 & 2 content).

PENNY DOES MAGStripes

 

 

Constructive comments, suggestions, and additions should be sent to info@la2600.org

www.la2600.org