Moving Past Magnetic Stripe Card Readers in 2019
A magnetic stripe card reader is a device used to read magnetic stripe cards, such as credit cards.
A magnetic stripe card is inexpensive compared to other card technologies and not hard to program. While a magnetic stripe is more difficult to create than a barcode, the technology for reading and encoding data on a magnetic stripe is widespread and it is easy to get. The problem with this magnetic stripe technology is that a card can be misread, it can wear out due to use, and the data can be corrupted. Unfortunately, these cards can also be affected by the use of external devices placed over the magnetic stripe card reader in order to fraudulently skim personal information.
In 1970, a joint pilot project by American Express, American Airlines, and IBM took place at Chicago’s O’Hare Airport. American Express issued hundreds of new cards to frequent travelers in the Chicago area. It also allowed the travelers to use the new card for paying for tickets electronically and other services using the new cards.
The original cards cost about two dollars per card to make, but with economies of scale and improved production methods, they eventually came down in price. Just before MasterCard and Visa joined up the cards cost less than five cents per card to make. Not until 1980 did the price of the technology become acceptable to Visa and MasterCard.
When introduced in the 1970’s, magnetic stripes were cutting-edge technology and changed the way payment cards would be processed for decades. “It was the first step in digitizing payment information,” said Thad Peterson, senior analyst with Aite Group.
Magnetic Stripe Card Readers versus Chip Card Readers
Everyone is familiar with the magnetic stripe on the back of a credit or debit card. But how does it compare to the technology of chips on cards? First, the data on those magnetic stripes is static, unchanging. So that makes the data much more vulnerable to fraud either by making fraudulent transactions or even selling the data to unscrupulous individuals on the Dark Web.
The main difference between the two technologies is that while magnetic stripes contain static information, the card chip creates a unique code for each transaction and does not use that code again. So even if a criminal obtained the information for a point of sale transaction, the information cannot be used again.
Previously, merchants used manual credit card devices that created multiple paper receipts by sliding a bar over the receipts and thereby imprinting the card number onto the paper. These paper receipts would then be sent off to be authorized which would take a couple days. In the meantime, all a thief had to do was take the receipts thrown away in the trash and create fraudulent transactions with the card number in that time frame. One such thief is documented in the book, The Man Who Loved Books Too Much by Allison Hoover Bartlett; it is a true story of using carbon receipts for fraud.
Magnetic stripe came from the merging of two existing technologies: telephones and the magnetized tape being used in reel-to-reel tape recorders. On the back of a card, a small magnetic strip would be attached. Being magnetic it could be programmed with a telephone number that would be dialed when the card was swiped, to complete the transaction.
It became apparent, however, that using the technology would allow the data on the stripe to be stolen and used to make fake cards. Despite the mag stripe’s advances, it became clear that the data could easily be stolen and used to create counterfeit cards. As a result, EMV payment technology standards were introduced in Europe shortly after the turn of the 21st century specifically to protect payment card information. The United States is only now catching up even though card fraud has been increasing. The Nilson Report states that in 2012, merchants and the banks issuing the cards had a combined cost of $5.3 billion dollars.
On October 1, 2015, the financial entities agreed to impose a shift in liability. This would place the liability burden on the businesses that did not switch to the EMV technology. The only exception is gas stations. They have until October 1st, 2020 to become EMV-chip compliant. According to VISA, this is “because of the complicated infrastructure and specialized technology required for fuel pumps.”
What is EMV Technology?
An EMV card, also known as a chip card or a smart card, actually contains a computer chip that stores account information. The initials “EMV” stand for Europay, MasterCard, and Visa; these were the three processing firms that in 2002 agreed to the standards.
When an EMV card is inserted in the EMV card reader slot, data flows between the card chip and the issuing financial institution to verify the card’s legitimacy and create the unique transaction data. This process isn’t as quick as a magnetic-stripe swipe, however. Failure to wait until prompted to remove the card can result in a transaction that is refused.
Counterfeit fraud rates have already decreased in the U.S. as a result of the adoption of EMV, say Mastercard and Visa. In March 2017, Visa says that chip-enabled merchants saw a 58 percent drop in counterfeit fraud compared to a year earlier. During the period from April 2015 to April 2016, Mastercard saw a 54 percent decrease in counterfeit fraud costs among its EMV-ready merchants.
The process for completing a financial transaction is basically the same for a magnetic stripe card as it is for an EMV card. The information is read off the card and the activity is verified. But whereas a magnetic stripe card reader reads the information when a magnetic stripe card is swiped, an EMV card reader reads the information when the EMV card is inserted, or dipped, tapped, or waved in close proximity to the reader.
According to the American Bankers Association, “over 98% of the largest 200 merchants are chip-active and a majority of other merchants are also upgraded.”
However, EMV technology is not fraud-proof. If criminals can get a photo of the card with a hidden camera, then there is the possibility of the card number being used fraudulently in online transactions. This new tactic in the fraud war is called shimming.
Most U.S. card issuers have supplied EMV-capable cards to customers replacing the old magnetic stripe cards. Merchants have not been as quick to upgrade their magnetic stripe card readers to EMV-capable models and even when they do, issues with the software or payment processors may render the reader useless. Most of us have seen chip readers with the reader slot blocked and a handwritten sign telling you to swipe your card instead. If you DO swipe the card through the magnetic stripe card reader, you’ve defeated the purpose of EMV technology. Your card is now just as open to the same fraud risks as any magnetic stripe card.
Technology evolves in an attempt to better serve the user as well as reduce fraud. The magnetic stripe card technology will eventually be replaced by the EMV technology, which in turn will itself be replaced by some yet-to-be-invented technology.
ID TECH is a leading payment peripheral provider with a magnetic stripe, EMV contact, and EMV contactless expertise. It was established in 1985 in California and opened its Asia headquarters in Taiwan in 2016. For more information about its mobile transaction payment product, visit our Mobile Payment Solutions page.