I was reading the wiki on magnetic stripe cards when I stumbled across this sentence: "Magnetic stripe cloning can be detected by the implementation of magnetic card reader heads and firmware that can read a signature of magnetic noise permanently embedded in all magnetic stripes during the card production process." (wiki cites this page)

In an ideal case, a new card would be made and its magnetic fingerprint (or a hash of some kind) would be uploaded to a database. So let's say CC 4224 9450 9930 2192 has a hash of 2ca52df6. The hash 2ca52df6 could easily be stored on the remote computer that a card uses to check its balance. The integrity of the card would be verified by quickly creating a hash of the card's magnetic noise and then transmitting that, along with the CC info, to the remote server for verification. Since magnetic noise is so unique to each card, the chances of the hashes of a legitimate CC matching a cloned CC are slim to none.

This seems pretty straightforward, which leads me to think I am missing something. Granted, credit cards have long outlived their life span, but why has a feature like that not been implemented in the 40-50 years magnetic stripe technology has been around?

cutrightjm
  • I can't tell for certain, but I'd hazard a strong guess that read reliability and longevity drop like a rock. Old cards have trouble being read if they've taken any kind of abuse and I find it hard to believe that that wouldn't impact the read noise. It would also probably make it much harder to get a reliable read of the card because of the speed it would have to go through. – AJ Henderson Feb 21 '14 at 02:34
  • @AJHenderson That's a pretty good thought, I neglected to look at it that way – cutrightjm Feb 21 '14 at 05:09

1 Answer

Definitely sounds fragile as Henderson mentioned - but if you can reduce that (perhaps by using, say, fuzzy matching of some sort) it may have some merit as essentially a longer string for track data.

If track data is being stolen somewhere, being able to marry up the exact strings might actually be useful in identifying where track data leaked, since it is unlikely that a card in normal use would have the same hash as time goes on. If you begin to see a variance in hashes, for example the 2ca52df6 hash deteriorates to 1cc32342 but you still see 2ca52df6 in places, it can be an indicator that there are two copies of a card around.

pacifist
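
The read-noise concern from the comments and the fuzzy-matching idea from the answer, as an added example that is not part of the original posts: an exact hash of a noisy fingerprint fails on a worn genuine card, while a distance threshold accepts it and still rejects a different stripe. The 256-bit fingerprint, the bit-flip noise model, the 0.15 threshold and all function names are assumptions made for illustration, not how any real reader firmware works.

```python
import hashlib
import random

FP_BITS = 256           # assumed fingerprint length in bits
MATCH_THRESHOLD = 0.15  # assumed: max fraction of differing bits still accepted

def exact_hash(fp: int) -> str:
    """Hash-and-compare as in the question: any single bit change breaks it."""
    return hashlib.sha256(fp.to_bytes(FP_BITS // 8, "big")).hexdigest()

def noisy_read(fp: int, flips: int, rng: random.Random) -> int:
    """Simulate one swipe by flipping `flips` distinct random bits (toy noise model)."""
    for pos in rng.sample(range(FP_BITS), flips):
        fp ^= 1 << pos
    return fp

def distance(a: int, b: int) -> float:
    """Normalised Hamming distance between two fingerprints."""
    return bin(a ^ b).count("1") / FP_BITS

def verify(enrolled: int, reading: int) -> bool:
    """Fuzzy match: accept when the reading is close enough to the enrolled value."""
    return distance(enrolled, reading) <= MATCH_THRESHOLD

def demo() -> dict:
    rng = random.Random(2014)             # fixed seed, constructed sample data
    genuine = rng.getrandbits(FP_BITS)    # enrolled when the card was produced
    clone = rng.getrandbits(FP_BITS)      # different stripe carrying copied track data
    swipe = noisy_read(genuine, 10, rng)  # worn genuine card: 10 of 256 bits differ
    clone_swipe = noisy_read(clone, 10, rng)
    return {
        "exact_hash_matches": exact_hash(swipe) == exact_hash(genuine),
        "fuzzy_genuine": verify(genuine, swipe),
        "fuzzy_clone": verify(genuine, clone_swipe),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The threshold trades false rejects of worn cards against false accepts, so in practice it would have to be tuned against measured read-to-read variation.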