I know all systems accepting magnetic stripe cards (card readers, access systems, etc) would reject a cut one. But could and expert still get the data that was on it?
For the record, I mean "cut in half", as often stated in bank instructions.
I know all systems accepting magnetic stripe cards (card readers, access systems, etc) would reject a cut one. But could and expert still get the data that was on it?
For the record, I mean "cut in half", as often stated in bank instructions.
As a former developer for one of the biggest Security Card System organizations in the world, I can confirm with you that the answer is resounding YES depending on the manufacturer and the type of the card.
For example, my company used the standard ISO encoding standard for magnetic stripes for Debit cards, and quite frankly there is not much confidential information in magnetic stripes of the sort to begin with. The encoding is ISO standard, and you can actually search for it online. I included a link to Wikipedia , which is obviously unreliable but that generally holds true. As you can see, there is not much confidential information on the magnetic stripes aside from the name or card number – both of which can be read directly from looking at the card. These information are repeated throughout the stripe maybe twice or three times. The start and end sentinels typically appear just once.
At any rate, some institutions (mostly EMV bound ones) request this data to be lightly encrypted based on EMV standards and appear just once – and as you may have noticed, I said EMV (Visa, MasterCard, AMEX) – so you will never find this on debit cards (unless they are Visa/MS debits). You may or may not be able to extract the data from these types of cards – that would depend on what is lost at the cutoff point. Not all credit cards magnetic stripe info are encrypted – just select ones.
Did a test with three different cards.
Card 1 (Non-Chipped MC Pre-Paid)
Swiped the card through a USB Magtek MSR Reader, and noted results. Got a clean Track 1 and Track 2 data.
Cut the card vertically straight down the middle into a left piece and right piece.
Took each piece and tried swiping through the card reader. Would only get an %E?;E? which is basically an error and it couldn't read the swipe.
Took the two halves and taped them together as they had not been cut. Just used scotch tape on the front-side, but after a few slow swipes I did get the Track 2 information.
Track 2 information format is as this:
SS=Start Sentinel ";"
PAN=Primary Acct. # (19 digits max)
FS=Field Separator "="
Additional Data=Expiration Date, offset, encrypted PIN, etc.
ES=End Sentinel "?"
LRC=Longitudinal Redundancy Check
Source http://www.acmetech.com/documentation/credit_cards/magstripe_track_format.html
Card 2 (Non-Chipped Visa Pre-Paid)
Swiped the card through a USB Magtek MSR Reader, and noted results. Got a clean Track 1 and Track 2 data.
Cut the card vertically into three equal pieces. Forming a left, middle, right piece.
Took each piece and tried swiping through the card reader. Would only get an %E?;E? which is basically an error and it couldn't read the swipe.
Took the three pieces and taped them together as they had not been cut. Just used scotch tape on the front-side, but many swipes with %E;E?, I did get the Track 2 information again. It did take several more tries to get the information but I did.
Card 3 (Track 2 ISO encoded card, I did on my Zebra P120i card printer)
Just encoded 16 random numbers on the card.
Swiped the card through a USB Magtek MSR Reader, and noted results. Got Track 2 data as expected.
Cut the card horizontally halfway through the magnetic strip, so I was left with a small top piece and large bottom piece.
Took each piece and tried swiping through the card reader. Got 0 response from the card reader, as it didn't detect a card.
Took the two halves and taped them together as they had not been cut. Just used scotch tape on the front-side, and was unable to get any track information.
As others have stated above, if I had a cut card, I could get the information needed from the front of the card.
However, in my test it is possible to get information from that card. Unless they cut horizontally through the magnetic stripe.
I would have tested more cards, but that's all I really had time to test for, and was out of pre-paid cards with 0 balances to destroy.