Sponsored Links
-->

Wednesday, June 6, 2018

Samy Kamkar: MagSpoof - credit card/magstripe spoofer
src: samy.pl

ISO/IEC 7813 is an international standard codified by the International Organization for Standardization and International Electrotechnical Commission that defines properties of financial transaction cards, such as ATM or credit cards.


Video ISO/IEC 7813



Scope

The standard defines:

  • physical characteristics, such as size, shape, location of magnetic stripe, etc.
  • magnetic track data structures

Maps ISO/IEC 7813



Physical characteristics

ISO/IEC 7813 specifies the following physical characteristics of the card, mostly by reference to other standards:

Embossed characters 
by reference to ISO/IEC 7811
Embossing of expiration date 
the format (MM/YY or MM-YY)
Magnetic stripe 
by reference to ISO/IEC 7811
Integrated circuit with contacts 
by reference to ISO/IEC 7816-1
Integrated circuit without contacts 
by reference to ISO/IEC 10536-1, ISO/IEC 14443-1, and ISO/IEC 15693-1

OTI TRIO - 3 in 1 Contactless-Chip-Magstripe Cashless Reader
src: www.otiglobal.com


Magnetic tracks

Track 1

The Track 1 structure is specified as:

  • STX : Start sentinel "%"
  • FC : Format code "B" (The format described here. Format "A" is reserved for proprietary use.)
  • PAN : Primary Account Number, up to 19 digits
  • FS : Separator "^"
  • NM : Name, 2 to 26 characters (including separators, where appropriate, between surname, first name etc.)
  • FS : Separator "^"
  • ED : Expiration data, 4 digits or "^"
  • SC : Service code, 3 digits or "^"
  • DD : Discretionary data, balance of characters
  • ETX : End sentinel "?"
  • LRC : Longitudinal redundancy check, calculated according to ISO/IEC 7811-2

The maximum record length is 79 alphanumeric characters.

Examples

%B4815881002861896^YATES/EUGENE JOHN         ^37829821000123456789?

%B4815881002861896^YATES/EUGENE L            ^^^0000000      00998000000?

Track 2

The Track 2 structure is specified as:

  • STX : Start sentinel ";"
  • PAN : Primary Account Number, up to 19 digits, as defined in ISO/IEC 7812-1
  • FS : Separator "="
  • ED : Expiration date, YYMM or "=" if not present
  • SC : Service code, 3 digits or "=" if not present
  • DD : Discretionary data, balance of available digits
  • ETX : End sentinel "?"
  • LRC : Longitudinal redundancy check, calculated according to ISO/IEC 7811-2

The maximum record length is 40 numeric digits (e.g., 5095700000000).

Track 3

Track 3 is virtually unused by the major worldwide networks and often isn't even physically present on the card by virtue of a narrower magnetic stripe.

A notable exception to this is Germany, where Track 3 content was used nationally as the primary source of authorization and clearing information for debit card processing prior to the adoption of the "SECCOS" ICC standards. Track 3 is standardized nationally to contain both the cardholder's bank account number and branch sort code (BLZ).

Programming

Parsing Track 1 and Track 2 can be done with Regular Expressions. Included here is just the Regular Expression for parsing Track 1.

Track 1

^%B([0-9]{1,19})\^([^\^]{2,26})\^([0-9]{4}|\^)([0-9]{3}|\^)([^\?]+)\?$

This Regex will capture all of the important fields into the following groups:

  • Group 1: Primary account number (PAN)
  • Group 2: Name
  • Group 3: Expiration Date
  • Group 4: Service Code
  • Group 5: Discretionary data

OTI TRIO - 3 in 1 Contactless-Chip-Magstripe Cashless Reader
src: www.otiglobal.com


References


Linux Command Line Interface
src: freesoftwaremagazine.com


External links

Reference implementations

  • Magnetic Track Parser, a Java library to parse magnetic track data
  • Credit Card Track Data Parser, a Javscript library is for parsing credit card track data such as might be returned from a USB card reader
  • magnet, a Ruby library for decoding the track data on magnetic stripe cards

Source of article : Wikipedia