Path: ucsd!usc!cs.utexas.edu!uunet!mcsun!hp4nl!ooc.uva.nl!ropg ~From: ropg@ooc.uva.nl (Rop Gonggrijp) ~Newsgroups: sci.electronics ~Subject: Re: Credit card encoding Message-ID: <13619@slice.ooc.uva.nl> ~Date: 26 Sep 90 13:09:59 GMT ~References: <28174@pasteur.Berkeley.EDU> Organization: uvabick ~Lines: 28 e142-aq@hercules.Berkeley.EDU (Alan Nishioka) writes: >Does anybody know how information is encoded on the magnetic stripe for >credit cards, bank cards, my student id, etc.? Any references? A trip >to the library and looking thru the reader 's guide didn't get me anywhere. Well, there's three tracks (ISO 3554), all 0.110" wide. The top one is 210 BPI and has 7 bits per chr. (incl. parity). Total 79 alpha-num. chrs. The second track has 75 BPI, 5 bits per chr. (incl. par.) total 40 digits The third track has agian 210 BPI, 5 bits per chr (yeah incl. par.) total 107 digits. Data is coded reversing the polarity of the magnetic field once or twice in the field for that bit. Since you cannot double of half the speed of the card within the space for 1 bit, it all works. >I just bought a card reader which had 5 ttl level outputs. Two for each >of 2 head tracks and a 5th that goes low when a card is being run thru. >The chips don't seem to be identifiable. Well, the bad news is that you'll have to write the decoding software yourself. Not much to it, I did it on a Commodore-64. Our magazine ("Hack-Tic") printed the full specs on all this in the last issue. -- Rop Gonggrijp (ropg@ooc.uva.nl) is also editor of Hack-Tic (hack/phreak mag.) quote: "We don't care about freedom of the mind, | Postbus 22953 (in DUTCH) freedom of signature will do just fine" | 1100 DL AMSTERDAM Any opinions in this posting are wasted on you | tel: +31 20 6001480 From ucsd!swrinde!zaphod.mps.ohio-state.edu!julius.cs.uiuc.edu!psuvax1!rutgers!dayton!jad Fri Sep 28 04:18:32 PDT 1990 > Article <28174@pasteur.Berkeley.EDU> From: e142-aq@hercules.Berkeley.EDU > (Alan Nishioka) >Does anybody know how information is encoded on the magnetic stripe for >credit cards, bank cards, my student id, etc.? Any references? A trip >to the library and looking thru the reader 's guide didn't get me anywhere. You'll want to see the American National Standard X4.16 (which I just happen to have sitting in my lap.) It is available from the American National Standards Institute, Inc. 1430 Broadway New York, NY 10018 My version is dated 1983. I suspect it has been superceded by now. It details everything (everything!) you ever could possibly want to know about mag stripe encoding for financial services cards. >I just bought a card reader which had 5 ttl level outputs. Two for each >of 2 head tracks and a 5th that goes low when a card is being run thru. >The chips don't seem to be identifiable. In most all of the MSR's I've taken apart, the chips are custom. One of our vendor's configurations for the wiring looked like this: 1 RDT1 Data from track 1 2 RCL1 Clock from track 1 3 GND 4 +5V 5 n/c 6 RCL2 Clock from track 2 7 CLD Card Presence 8 RDT2 Data from track 2 You could use a scope to determine which is which -- track 2 is recorded at 75 bits/inch while track 1 is 210 bits/inch. Just watch the blinking! The data is self clocking. _____ __ __ _____ __ | |_____| |__| |__| |__| |_____ ^ ^ ^ ^ ^ ^ ^ 0 0 1 1 0 1 0 >I discovered that cards seem to use two different levels of stripe, for >a total of 4 tracks on my bank card, but only two on my student id, which >are at the wrong level for my reader. Your bank card will typically only use the read-only tracks one and two. Track 3 is a read/write track that has the same electromagnetic properties as track 1, but its usage is not standardized within the industry. Many cards issued today do not even have magnetic media at the location for track 3. (It was originally intended for off-line ATM authorization, but guess what happened to that idea!) >The code must be self-clocking and I would guess just have simple >error checking (parity) since the card can just be run thru again if >necessary. The parity checking is pretty impressive. Track 1 characters are 6 bits plus one (odd) parity bit. There is also an LRC (Longitudinal Redundancy Check) character after the end sentinel character. The LRC bits are parity bits for all the characters in the track such that the total one bits are odd. (The LRC parity bit is simply a parity check on the LRC character.) This scheme protects against almost all random card damage, as you would have to have four bits wrong (the corners of a rectangle, physically) to escape detection. Track 2 parity detection is the same, but track 2 characters are only 4 bits plus one (odd) parity bit. The character sets are fairly simple subsets of ASCII. Tracks 1 & 3 use this table: 0 1 2 3 00 01 10 11 <-MSD 0 0000 SP 0 @a P 1 0001 !a 1 A Q 2 0010 "a 2 B R 3 0011 #b 3 C S 4 0100 $ 4 D T 5 0101 %c 5 E U 6 0110 &a 6 F V 7 0111 'a 7 G W 8 1000 ( 8 H X 9 1001 ) 9 I Y A 1010 *a :a J Z B 1011 +a ;a K [d C 1100 ,a a N ^c F 1111 / ?c O _d a For the encoding of data on magnetic stripe cards, these character positions shall not contain information characters (data content). b Optional additional graphic. c These characters shall have the following meaning for this application: 25 % represents start sentinel. 3F ? represents end sentinel. 5E ^ represents separator. d These character positions are reserved for additional national characters when required. They shall not be used internationally. Track 1 format: Format A. Reserved for proprietary use of card issuer. Format B. Start sentinel 1 character Format code = "B" 1 character - alpha only Primary Account Number Up to 19 characters (Note 1) Separator 1 character Country code 3 characters (Note 2) Name 2-26 characters (note 3) Surname Surname separator="/" First name or initial Space (when required) (Note 4) Middle name or initial Period (when followed by title) Title (when used) Separator 1 character Expiration date or 4 characters or 1 character separator (Note 5) Discretionary data The balance to maximum record length End sentinel 1 character LRC 1 character (see above for LRC calculation) Total 79 characters max. Notes: 1 In accordance with the account numbering scheme in ANSI X4.13-1983. 2 When the primary account number commences with major industry identifier "5" followed by "9", the encoding of the country in this position is mandatory. In all other situations, the expiration date or separator shall immediately follow the separator that terminates the primary account number. The country code for the United States is 840. 3 The absolute minimum data encoded in the name field will be a single alpha character in the surname area and the surname separator (/). 4 The space character is required to separate the logical elements of the name field other than the surname. The separator terminating the name field should be encoded following the last logical element of the name field. If only the surname is encoded, it will follow the surname separator. 5 In accordance with ANSI X3.30-1971. If no expiration date is associated with the card, a separator shall be encoded. The format for the expiration date is YYMM. Format Codes C through M. The format codes are reserved for use by ANSI Subcommittee X3B10 in connection with other data formats of track 1. Format Codes N through Z. Available for use by individual card issuers. Track 2 uses the following 4 bit character set: 0 0000 0 1 0001 1 2 0010 2 3 0011 3 4 0100 4 5 0101 5 6 0110 6 7 0111 7 8 1000 8 9 1001 9 A 1010 Note 1 B 1011 Start sentinel (start character) C 1100 Note 2 D 1101 Separator E 1110 Note 1 F 1111 End sentinel (stop character) Notes: 1 These characters are available for hardware control purposes and shall not be used for data content. 2 This character is reserved for future definition in connection with the data format on track 2. Track 2 format: Start sentinel 1 character Primary Account Number Up to 19 characters (Note 1) Separator 1 character Country code 3 characters (Note 2) Expiration date or 4 characters or 1 character separator (Note 3) Discretionary data The balance to maximum record length End sentinel 1 character LRC 1 character (see above for LRC calculation) Total 40 characters max. Notes: 1 In accordance with the account numbering scheme in ANSI X4.13-1983. 2 When the primary account number commences with major industry identifier "5" followed by "9", the encoding of the country in this position is mandatory. In all other situations, the expiration date or separator shall immediately follow the separator that terminates the primary account number. The country code for the United States is 840. 3 In accordance with ANSI X3.30-1971. If no expiration date is associated with the card, a separator shall be encoded. The format for the expiration date is YYMM. >BTW, I just want to read, not commit bank fraud :-) I would have to build >another card input/output assembly for that :-) I've seen some scams based on ATM card fraud, but it may be tough to fool Mother Visa...particularily when you have to hand your card to a living, breathing human. Do me a favor and mail me a copy of your interface circuit when you get it working, OK? -j, now you know all our little secrets, eh? -- J. Deters Ask me about my PS/2. // INTERNET: jad@dayton.DHDSC.MN.ORG Then, // UUCP: ...!bungia!dayton!jad ask me about my Amiga! \\ // ICBM: 44^58'36"N by 93^16'12"W \X/ From ucsd!dog.ee.lbl.gov!pasteur!cory.Berkeley.EDU!atn Wed May 8 07:41:21 PDT 1991 Just got my new California driver's license. No, I'm not 17, but I take the bus a lot. It has a holographic plastic laminate of "DMV" and the California Seal. My color picture was digitized into and IBM computer as was my thumb print and my signature. The mag stripe on the back has three tracks. Just for fun, I thought I'd try to read it. I had previously been able to read bank cards (with help from sci.electronics). I found that the information encoded is basically just what is printed on the card. Kinda uninteresting. Of course I couldn't figure out what little extra information was encoded.... (marked unidentified below) It took me a little while to figure out the format, and I suppose it is documented somewhere (anyone know where?) but it was fun. Bank Cards -- conform to ANSI/ISO 7810-1985 ($10) Track 1: 6 bit word with 1 bit parity. LSB first. code offset 32 below ASCII code. Track 2: 4 bit word with 1 bit parity. LSB first. Numbers only. Driver's License -- Track 1: 6 bit word with no parity. Otherwise same as Bank Card. Track 2: Same as Bank Card. California Driver's License: --------------------------- Track 2: (low density) 8 unidentified digits License Number Separator Expiration Date (YYMM) Separator Date of Birth (YYYYMMDD) Track 1: (High density) DALAN TAKEO NISHIOKA $ 974 TULARE AVE ALBANY Name (58 characters) Address (29 characters) City (13 characters) Track 3: (High density. Can't reposition read head. ); Great Western Bank ATM Card: --------------------------- Track 2: Account number on the front of the card Separator Expiration date (no country code) Other (propietary) data Track 1: Format B Account number Separator Name (from front of card) Separator Expiration date (no country code) Other data AT&T Universal Card: ------------------- Track 1: Format B Account Number Separator Name Separator Expiration Date (YYMM) 6 Unknown chars Calling Card Number (10 digits) Track 2: Account Number Separator Expiration Date (YYMM) 3 Unknown chars Citibank ATM Card: ----------------- Track 1: Format A (proprietary) Name Separator Account Number Separator Expiration Date (MMYY) 7 Unidentified chars Track 2: Account Number Separator Expiration Date (MMYY) 7 Unidentified chars ----------------------------------------------------------------------------- Alan Nishioka KC6KHV atn@cory.berkeley.edu ...!ucbvax!cory!atn 974 Tulare Avenue, Albany CA 94707-2540 37'52N/122'15W +1 415 526 1818