Friday, April 23, 2010

How credit cards works ?

Here we give you a detailed explanation on how exactly credit cards work, a little know-how on the scientific side of credit cards.

By the Numbers
Although phone, gas and department stores have their own numbering systems, ANSI Standard X4.13-1983 is the system used by most national credit-card systems.
The front of your credit card has a lot of numbers — here’s anexample of what they might mean.

Here is what some of the numbers stand for:

· The first digit in your credit-card number signifies the system:

3 – travel / entertainment cards (such as American Express and Diners Club)
4 – Visa
5 – MasterCard
6 – Discover Card
· The structure of the card number varies by system. For example, American Express card numbers start with 37; Carte Blanche and Diners Club with 38.

o American Express – Digits three and four are type and currency, digits five through 11 are the account number, digits 12 through 14 are the card number within the account and digit 15 is a check digit.

o Visa – Digits two through six are the bank number, digits seven through 12 or seven through 15 are the account number and digit 13 or 16 is a check digit.

o MasterCard – Digits two and three, two through four, two through five or two through six are the bank number (depending on whether digit two is a 1, 2, 3 or other). The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit.

Now that we know what the numbers stand for, let’s examine the stripe on the back.

The Stripe
The stripe on the back of a credit card is a magnetic stripe, often called a magstripe. The magstripe is made up of tiny iron-based magnetic particles in a plastic-like film. Each particle is really a tiny bar magnet about 20-millionths of an inch long.

The magstripe can be “written” because the tiny bar magnets can be magnetised in either a north or South Pole direction. The magstripe on the back of the card is very similar to a piece of cassette tape.

A magstripe reader can understand the information on the three-track stripe. If the ATM isn’t accepting your card, your problem is probably either:

· A dirty or scratched magstripe
· An erased magstripe (The most common causes for erased magstripes are exposure to magnets, like the small ones used to hold notes and pictures on the refrigerator, and exposure to a store’s electronic article surveillance (EAS) tag demagnetizer.)

Information on the stripe

There are three tracks on the magstripe. Each track is about one-tenth of an inch wide. The ISO/IEC standard 7811, which is used by banks, specifies:

· Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters.
· Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
· Track three is 210 bpi, and holds 107 4-bit plus parity bit characters.

Your credit card typically uses only tracks one and two. Track three is a read/write track (which includes an encrypted PIN, country code, currency units and amount authorised), but its usage is not standardised among banks.

The information on track one is contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following:

Start sentinel – one character
Format code=”B”- one character (alpha only)
Primary account number – up to 19 characters
Separator – one character
Country code – three characters
Name – two to 26 characters
Expiration date or separator – four characters or one character
Discretionary data – enough characters to fill out maximum record length (79 characters total)
End sentinel – one character
Longitudinal redundancy check (LRC) – one character
LRC is a form of computed check character.

The format for track two, developed by the banking industry, is as follows:

Start sentinel – one character
Primary account number – up to 19 characters
Separator – one character
Country code – three characters
Expiration date or separator – four characters or one character
Discretionary data – enough characters to fill out maximum record length (40 characters total)
LRC – one character

There are three basic methods for determining whether your credit card will pay for what you’re charging:

· Merchants with few transactions each month do voice authentication using a touch-tone phone.
· Electronic data capture (EDC) magstripe-card swipe terminals are becoming more common – so is swiping your own card at the checkout.
· Virtual terminals on the Internet

This is how it works: After you or the cashier swipes your credit card through a reader, the EDC software at the point-of-sale (POS) terminal dials a stored telephone number via a modem to call an acquirer. An acquirer is an organization that collects credit-authentication requests from merchants and provides the merchants with a payment guarantee.

When the acquirer company gets the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for:

Merchant ID
Valid card number
Expiration date
Credit-card limit
Card usage
Single dial-up transactions are processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment uses much higher speeds via this protocol. In this system, the cardholder enters a personal identification number (PIN) using a keypad.

The PIN is not on the card – it is encrypted (hidden in code) in a database. (For example, before you get cash from an ATM, the ATM encrypts the PIN and sends it to the database to see if there is a match.) The PIN can be either in the bank’s computers in an encrypted form (as a cipher) or encrypted on the card itself. The transformation used in this type of cryptography is called one-way. This means that it’s easy to compute a cipher given the bank’s key and the customer’s PIN, but not computationally feasible to obtain the plain text PIN from the cipher, even if the key is known. This feature was designed to protect the cardholder from being impersonated by someone who has access to the bank’s computer files.

Likewise, the communications between the ATM and the bank’s central computer are encrypted to prevent would-be thieves from tapping into the phone lines, recording the signals sent to the ATM to authorise the dispensing of cash and then feeding the same signals to the ATM to trick it into unauthorised dispensing of cash.

If this isn’t enough protection to ease your mind, there are now cards that utilise even more security measures than your conventional credit card: Smart Cards.

Smart Cards

The “smart” credit card is an innovative application that involves all aspects of cryptography (secret codes), not just the authentication we described in the last section. A Smart Card has a microprocessor built into the card itself. Cryptography is essential to the functioning of these cards in several ways:

· The user must corroborate his identity to the card each time a transaction is made, in much the same way that a PIN is used with an ATM.
· The card and the card reader execute a sequence of encrypted sign/countersign-like exchanges to verify that each is dealing with a legitimate counterpart.
· Once this has been established, the transaction itself is carried out in encrypted form to prevent anyone, including the cardholder or the merchant whose card reader is involved, from “eavesdropping” on the exchange and later impersonating either party to defraud the system.

This elaborate protocol is conducted in such a way that it is invisible to the user, except for the necessity of entering a PIN to begin the transaction.

Smart Cards first saw general use in France in 1984. They are now hot commodities that are expected to replace the simple plastic cards most of us use now. Visa and MasterCard are leading the way in the United States with their Smart Card technologies.

The chips in these cards are capable of many kinds of transactions. For example, you could make purchases from your credit account, debit account or from a stored account value that’s reloadable. The enhanced memory and processing capacity of the Smart Card is many times that of traditional magnetic-stripe cards and can accommodate several different applications on a single card. It can also hold identification information, keep track of your participation in an affinity (loyalty) program or provide access to your office. This means no more shuffling through cards in your wallet to find the right one – the Smart Card will be the only one you need!

Experts say that internationally accepted Smart Cards would be increasingly available over the next several years. Many parts of the world already use them, but their reach is limited. The Smart Card will eventually be available to anyone who wants one.