The one thing to point out is that credit card numbers have some unique properties. Names and Expiration dates are pretty straightforward and don't need much explaining.Ĭredit Card Number - Also known as "Primary Account Number" (PAN). It's sort of good to understand the components of this interface because they're present in to the other interfaces (but a little different).įrom a physical perspective, your card should have four main attributes: Physical AttributesThis interface is probably the most widely known and understood because its been around the longest and its the easiest to inspect. Note that some data has been changed to protect the card holder's (my) information. The purpose of this post is to evaluate all three interfaces of the card and see how they differ. This obviously varies from bank to bank and card manufacturer to card manufacturer. The discretionary data is also different between the two tracks.īasically, there is no way for anyone except the issuing bank to know whether correctly-formatted swipe data is actually valid or not, but there's no way to fake it to the bank, either.ġ: This isn't quite true: It's also for speed and automation.Ģ: The rules also prohibit storing the CVV.Modern credit cards in the United States have three interfaces: Discretionary data is unique to each issuing bank, but usually contains information such as the CVV1 (which is not what's printed on the card), an encrypted PIN (for ATM use), and other distinguishing data. Service codes are standardized, but there's no way to know ahead of time (i.e. If you look at what's in the swipe, you'll see that both the Service Code and the Discretionary Data fields are not printed on the card anywhere. Likewise, that's why PCI rules require you to never store the full swipe data (so you can't replay it later). If you were able to reconstruct it without the card, that would defeat the purpose. The whole 1 concept of magstripe data on the card is to prove that the card was present at the time of the transaction.
0 kommentar(er)
