Contactless payment of the era of mammoths + homemade card reader


hello everyone my new article

hello everyone my new article

magnetic stripe

Did you notice this little thing on your map? No? But this is the very detail that makes a rounded rectangle – a payment instrument in emoji.

Why were there no magnetic stripes in Russia? They were, but not everywhere. This is mainly due to the fact that bank cards came to Russia late, and immediately with a chip. But in the United States, the country where bank cards were invented, there are still a lot of terminals that do not accept a chip.

How does it work? In simple terms, a magnetic stripe is a data storage device. The same, for example, as paper, or a memory chip (not a microprocessor). By the way, paper was also used for payment, even before magnetic stripes, for this with the help of a special device imprintermade an imprint of numbers squeezed out on the map.

If you are interested in learning about the physical aspects of data storage on the strip: bit coding, checksum, particle magnetization – links to this below.
Here we consider only 2 and 3 levels of presentation.

1. Physical encoding of information
2. Logic coding
3. Application layer

Assembling the card reader

Well, yes, do you think everyone has it at home?
You can buy a ready-made small factory device from China, but it costs too much there – from 1000 rubles on sale. To play a couple of times and write an article is a bit expensive, so I’ll create my own.
What we need:
1. Something with a magnetic head
1. Old headphones (wire with minijack)
1. 2-3 position switch (or you can use your fingers)

Where there is a magnetic head: devices working with cassettes, payment terminals.
But since I don’t have cassette readers at home, the only way out was to buy a payment terminal (any even the oldest one will do), the magnetic head rarely fails and therefore you can buy any cheapest terminal so that it would not be a pity to disassemble it. I was able to buy 2 devices at once for only ~600r.

To assemble, you just need to connect the common wire of the minijack to each of the coils of the magnetic head on one side. And on the second side, connect both audio channels to the common output of the switch, and connect the rest of its outputs to the second output of each coil.

How it turned out for me:

for 400 rubles of savings, I ate at McDonald's

for 400 rubles of savings, I ate at McDonald’s

I connected the 1st and 2nd coils of the magnetic head to the switch, since there is usually nothing on the 3rd track (track).
It is important to remember that track 1 is located at the very top of the map, that is, it is mapped to the bottom coil of the reader, and track 3 is at the very top.

Software part

Assembling such a reader is half the battle. We still need to somehow decode the received data. I found only such a program – magstripper and basically it works.
How to use it (requires java):
You need to connect the reader to the microphone input.
Set this input as default recording device in sound settings

Downloading
Double click on .jar file
The following window opens:

magstripper

magstripper

Click on the button with a microphone and a green arrow and swipe the card (switch on the 2nd track)

I'm waiting for questions why are these banners here

I’m waiting for questions why are these banners here

Magnetic stripe cards in culture

Task from the game Among Us (2018). You need to swipe the card, not fast and not slow.

Task from the game Among Us (2018). You need to swipe the card, not fast and not slow.

Now the speed of the swipe is essentially not important. In all terminals, I spent as quickly as I could, and if the terminal was working, everything went well. On a self-made card reader, I also managed to carry out quite quickly and the data was read. The only thing you can’t do is stop in the middle of reading, then you definitely need to start over.

We analyze the received data

Yes, I cut the number to the BIN. Briefly about the data format on the 2nd track of a bank card (translated Wikipedia):

This format was developed by the banking industry (ABA). This track is recorded using a 5-bit scheme (4 data bits + 1 parity), which allows you to record 16 characters, including the numbers 0-9 and 6 characters  : ; < = > ?. The choice of 6 punctuation characters may seem strange, but these 6 characters are easily projected onto the ASCII range 0x30 – 0x3f which contains exactly 10 numbers and these 6 characters. Data format:

  • Start pointer – one character (usually ‘;’)

  • Account number (PAN) – up to 19 characters. Usually, but not always, the same as credit card number printed on the card itself.

  • Delimiter – one character (usually ‘=’)

  • Validity – four characters in the format YYMM.

  • Service code – three digits. The first stands for the acceptance rules, the second for the authorization rules and the third for the range of services provided to the holder. (below)

  • Unpredictable Data – needed to verify the authenticity of the card

  • End pointer – one character (usually ‘?’)

  • Longitudinal integrity control (LRC) – check sum.

    Service code

    First digit (Rules for accepting the card for use)

  • 1 International use allowed

  • 2 International use is allowed, a chip is required if supported by the merchant (if the terminal has a chip reader)

  • 5 National use only, unless there is an agreement with a foreign bank.

  • 6 Only national use, if there is no agreement with a foreign bank, a chip is required if supported by the merchant (if the terminal has a chip reader)

  • 7 Accepted only in the network of partner banks

    Second Digit (Payment Authorization Rules)

  • 0 Normal (Can be offline)

  • 2 Contact the issuing bank via the Internet

  • 4 Contact the issuing bank via the Internet, except for a bilateral agreement between banks

    Third digit (Range of services provided to the holder)

  • 0 Unlimited, PIN (personal identification number) input required

  • 1 Unlimited, no PIN

  • 2 Goods and services (you can not withdraw cash)

  • 3 ATM use only, PIN required

  • 4 Cash only

  • 5 Goods and services (you can not withdraw cash), you need to enter a PIN

  • 6 Unlimited, PIN required (if supported, optional)

  • 7 Goods and services (cannot withdraw cash), PIN required (if supported, optional)

Let’s try to make out what we counted from the card.
;5536910000000000=29122013000032100000?

Number: 5536910000000000
Validity: 2912
Service code: 201

  • International use is allowed, a chip is required if supported by the merchant (if the terminal has a chip reader)

  • Normal (Can be offline)

  • No limits, no PIN

Checking

please don't sleep money

please do not write off money, mom’s card

Almost Conclusions

In 2023, the magnetic stripe has almost sunk into oblivion. And by 2025, the main payment systems have announced their intention to remove them altogether.
Those Habr readers who were adults when I was not yet born, and found magnetic stripes as their direct means of payment, most likely will not endure anything from this article. But those who are younger and do not even know why a magnetic stripe is needed and how to use it, may have discovered something new for themselves. But stop.

Where is the magnetic stripe used in 202x?
If you take your card right now and spend it in the next five, then 101% that you will not succeed. The terminal will ask you to insert a card with a chip (service code). And it’s not just done.

Imagine the situation: you are a little boy in the fifth grade, to whom his mother threw off 2,000 rubles for lunch after school. You bought a bun and juice and you still have 1900 rubles left. But then an evil uncle comes around the corner and takes the children’s card. If this protection measure did not exist, then the robber could easily swipe the magnetic strip and write off all the money without a pin in the first store. But since the terminal sees that there is a chip on the card, it will not give the fraudster a chance. (Yes, yes, I know about NFC, but there is a threshold of 1000 rubles for an operation, but there is none in the band)

Here before people also wanted to live

Where can I get a magnetic stripe card?
Yes, it’s still possible. Somewhere they write that visa and mastercard have long banned the issuance of cards without a chip, only with a stripe. But what are their rules to us. There is one Russian bank that continues to issue gift cards under its own brand to this day. Google: <> 1 or 2 links – what you are looking for.

My one

las vegas

las vegas

Service code 121

  • International use allowed

  • Contact the issuing bank via the Internet

  • No limits, no PIN

But the PIN was still requested 1 time by the terminal, in the McDonalds terminal. (because transactions using a magnetic stripe must be checked by the cashier for a match between the signature on the check and the back of the card, and since the self-service terminal is a pin)

In general, there are more problems with her, basically, of course, the cashier will be surprised and a couple more people in the queue, but when after 3 swipes – nothing, and you have to get apple pay is not quite cool =/

And it also wears out physically, after 20 payments it is already covered in longitudinal scratches.

But this is not the only bank that issues cards without a chip, there are also cards from different MFIs. Cobag MasterCard + Golden Crown. And just on the 3rd lane, the golden crown stores its data, which is track 2 with slight differences.

Why do banks keep issuing cards without a chip, because it’s not safe? – cheap cards without a chip

Cool Links

https://habr.com/ru/company/timeweb/blog/701206/
https://en.wikipedia.org/wiki/Digital_card

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *