Specifications of magnetic stripe cards

By mid-2005, banks participating in the largest international payment systems VISA, MasterCard, American Express, Diners Club, and JCB issued a total of about 3 billion cards to their customers. Plastic cards have become a familiar attribute of today’s everyday life, and it can be argued that many people on our planet are at least generally aware of what plastic cards are and how to use them.
However, in order to continue to adhere to a common and understandable terminology, we will briefly describe how non-cash payment systems based on the use of plastic cards function.
Let’s start, of course, with the main thing-a plastic card. Consider a Bank whose customers keep their money savings in their Bank accounts. When a Bank customer is going to make a purchase, but there is not enough money in their pocket for this, they can go to the Bank, withdraw the necessary amount from their account (if any) and go to the store to make the purchase.
In order to go to the Bank less often, the client withdraws money taking into account not only the current purchase, but also taking into account other projected expenses for the foreseeable future. Thus, the client causes serious damage to the banking business, since the money withdrawn for the future could continue to work for the Bank instead of lying in someone’s pocket and waiting for the moment of its use.
The situation would change radically for the Bank if it had a mechanism that provides its customers with remote access to their accounts at service points (for example, shops, restaurants, taxis, etc.). In this case, the client would not need to withdraw money for the future. Having access to his account, he would simply make a payment transaction in the store for the amount of the purchase, using the funds of his own account. To do this, of course, the Bank must first agree with the store that the customer, if the Bank’s approval is expressed in a pre-agreed form, can make a non-cash purchase under the guarantee of their Bank.
This is how the idea of using a plastic card as a means of remote access for its holder to their Bank account appeared. In the 50s of the XX century, more than 100 American banks started their card programs based on this idea. However, a fundamentally new period in the development of the card business came in 1958, when the first and second largest American banks entered it: Bank of America and Chase Manhattan Bank. Bank of America’s card program was called BankAmericard.
As card programs have grown, most banks have faced an obvious problem — the limited network for accepting their cards. This reduced the interest of customers in the cards offered by banks. The customer could not rely on the card as a universal means of payment, because in some retail outlets, the Bank card could be paid, and in some— not. It became obvious that no Bank in the world is able to enter into contracts with almost all retail outlets of the world to accept their cards in them. Not to mention the Bank’s inability to serve stores in places where there are no Bank branches. Stores that were” remote ” from the Bank had no interest in entering into a contract with the Bank to service its cards. What is the point for a merchant to enter into such a contract if it knows that no Bank customer may ever appear at the door of its store? The idea of combining the card programs of various banks was in the air and gradually began to be implemented.
In 1966, Bank of America began issuing licenses to issue BankAmericard to other banks. In response to this, several major rival banks of Bank of America created their own inter-

Bank card Association, Interbank Card Association or ICA. In 1969, this Association purchased the rights to the Master Charge card issued by the Western States Bank card Association, and most ICA members switched to servicing and issuing Master Charge cards.
In turn, the banks that issued the BankAmericard card insisted that this card program be removed from the control of Bank of America. Thus, in July 1970, the national BankAmericard Incorporated or NBI Association was established.
As a result, by the early seventies, two major competitors in the Bank payment card market— ICA and NBI-had formed in the United States. In 1976, the NBI system renamed its card to the well-known VISA card, and in 1980, the ICA Association gave its card the international name “MasterCard”. Thus, two of the world’s largest payment systems have emerged relatively recently.
A payment system is an Association of banks, called member banks of this payment system, subject to uniform rules called payment system rules. When a Bank joins the Association, it confirms its readiness to follow the established rules of the payment system. These rules define the technical, legal, organizational and financial aspects of the Bank’s operation in the non-cash payment system. The Bank’s acceptance of the system’s rules is recorded in its agreement to join the payment system and is the basis for mutual trust between banks unknown to each other when they organize non-cash payments for their clients. Control over the implementation of the rules by all participants of the payment system is performed by the Executive body-the administrator of the payment system.
The payment system is also the guarantor of settlements between banks participating in the system. This supports the confidence of banks in the idea of a payment system, which is based on the confidence of the Bank that serves the point of sale in receiving monetary compensation from the Bank of the client who performed an operation using plastic kata at the point of sale.
In the payment system, each Bank can act in two ways: first, as a Bank issuing plastic cards and,
second, as a Bank that serves (accepts) plastic cards. Each Bank can be both an Issuer and a servicing Bank.
As an Issuer, the Bank issues a special certificate (a plastic card) to its client (an individual and / or legal entity that has an account with this Bank), which allows them to receive various services. These services include non-cash purchases from a merchant, receiving cash at an ATM or Bank branch, obtaining information about the current balance of funds on the client’s account, transferring money from one client’s account to another client’s account, transferring money from the client’s account to another person’s account, etc.
In this case, the plastic card remains the property of the issuing Bank, and the customer who received the card is its holder, i.e. the person who received the card from the Bank for temporary use. The card holder receives it under an agreement with the Bank, which also stipulates that the card cannot be transferred to a third party.
The appearance of plastic cards was associated with providing the Bank’s customer with the opportunity to pay for purchases of goods and services on credit. At the same time, the card Issuer guaranteed the merchant to pay for the purchase of its client. At the end of each month, the Bank provided the customer with an invoice based on all purchases made by the customer on the card from the end of the previous month to the end of the current month. The client had to pay the Bank’s bill in full at the beginning of the next month. These cards are called charge cards.
By issuing a credit card, the Bank can provide the customer with a real revolving credit. In this case, the Bank enters into an agreement with the client, under which the client is obliged to pay the Bank a certain percentage of its debt stipulated in the agreement on a monthly basis. To the remaining part of the debt, the Bank adds its interest, which is a Commission for the lending service provided to the client, calculated through the Bank’s credit interest rate and applied to the client’s current debt remaining from the Bank loan received.
Along with credit cards, there are debit cards associated with the client’s Deposit account (s) in the Bank (accounts that hold the client’s personal funds). In this case
a plastic card is a means of remote access for a customer to their Bank account. Typically, a customer can perform debit card transactions within the size of their account. Sometimes the Bank allows the client to exceed the size of his account within the threshold set by him (overdraft).
A plastic card is a carrier of information that:
identifies the card Issuer, the Association of banks to which the card Issuer belongs, the card product, and the card holder-the Bank’s client;
defines the conditions for using the card (online / offline transaction processing mode, the need to perform a transaction only using an electronic terminal, the need to enter a PIN code, the geography of reception, the period of time during which the card can be used, etc.);
Contains elements of card protection against forgery (hologram, micro-printing, special embossed (embossed) symbols, visible in ultraviolet light symbols, a photo of the card holder, special verification sequences that ensure the integrity of card data, etc., in microprocessor cards— secret keys and, possibly, the PIN code of the card holder).
The card contains the logos of the payment system and the issuing Bank, as well as information called card details: card number, card expiration date, service code, name of the holder, and special information generated by the Issuer and used by it for remote authentication of the card. Some of this information is applied to the card’s plastic using special printing or embossing and is read visually and tactically during the transaction. This information is used by the merchant’s merchant to perform the so-called voice authorization, in which the merchant contacts the Bank’s voice authorization service by phone and informs it of the merchant’s details, the card, the card holder, and the transaction being performed. The voice authorization service enters the received information about the card into the computer of the processing center, which initiates the authorization of the operation and returns the Issuer’s decision, which is reported to the merchant.
The other part of the information is applied to the magnetic stripe and (or) the microprocessor (chip) located on the map. Information from a magnetic stripe or chip is read using special devices called card readers or card readers. Electronic terminals in a commercial enterprise (Point-of-Sale, or POS-terminals), as well as automatic cash withdrawal devices (ATMs) are equipped with similar card readers, or simply readers.
The servicing Bank provides support for the plastic card acceptance infrastructure, which generally includes ATMs, cash points, and trade and service enterprises. The servicing Bank enters into contracts with merchant companies for servicing plastic cards in them, guaranteeing the merchant a refund for transactions made in it using the cards of any Bank participating in the payment system.
Some payment systems additionally guarantee the merchant a refund for transactions made using the cards of this payment system. An additional guarantee is issued in the event of a financial collapse of the servicing Bank and its inability to reimburse the merchant for purchases made using plastic cards. In this case, the payment system is calculated with the merchant based on the card transactions performed in it instead of the failed Bank. The guarantee of the payment system increases the confidence of the merchant in the reimbursement of funds for non-cash purchases. This confidence is the basis of the payment technology using plastic cards.
One of the most important tasks of any payment system is to create a wide geographically distributed infrastructure for accepting cards. Such a card acceptance infrastructure makes the use of the card attractive to its holder and Issuer. It is to create a developed infrastructure for accepting cards that the efforts of many banks participating in the payment system are required.
Obviously, creating an infrastructure for receiving cards in mathematical terminology is the inverse problem of issuing cards. The more cards that circulate in the payment system, the more interesting it is for a merchant to accept cards from this payment system-
we and, therefore, the easier it is to create an infrastructure for receiving cards. On the contrary, the more developed the card acceptance infrastructure, the easier it is for banks to attract their customers by issuing payment system cards.
When a customer of Bank A is going to make a purchase at a merchant of service Bank B, the merchant must first make sure that, in accordance with the agreement with service Bank B, the transaction on the card presented for payment will be refunded. In other words, the merchant must make sure that the Issuer A and the servicing Bank B are members of the same payment system. This is visually determined by the payment system logo printed on the customer’s plastic card.
The process of payment in the General case consists of two parts. The first part is the authorization of the transaction

The cashier of the commercial enterprise “reads” plastic card presented by the customer for the purchase payment required to authorize transaction information, and may receive additional customer identification information directly from the client (personal identity number of the client’s Bank, client’s name, other identifiers). Next, the cashier adds information about the purchase — the size and currency of the transaction, sometimes the type of operation.
Based on the collected information, the merchant makes a decision on the technology of performing the operation (using a magnetic stripe or chip), as well as on the transaction authorization mode — online or offline. In offline mode, the decision to allow or reject an operation is made by the termi-
cash and card (in the case of a microprocessor card). In online mode, this decision is made by the card Issuer.
In the case of online authorization, the information received from the customer and read from the card, as well as information about the purchase and the merchant (IDs of the merchant and the card receiving device, the method of entering the card information into the payment network, and the description of the terminal’s capabilities for processing transactions) are transmitted by the merchant to its servicing Bank in the form of an authorization request. Using an authorization request, the merchant asks the servicing Bank whether it can provide the service requested by the customer. The servicing Bank must verify the data received in the request:
existence of a trading company with the details specified in the request and its authorization to perform the requested operation;
integrity of data received from the terminal;
availability of the card in the payment system’s stop lists;
the ability to perform an operation (for example, the card is intended for intra-country operations, and an inter-country operation is attempted on it, the card must be used with the mandatory verification of the PIN code of its holder, etc.).
In the case of offline authorization, the last two items must be checked by an electronic terminal.
In the case of online authorization, the servicing Bank applies to the issuing Bank >4 for permission to provide a plastic card service. At the same time, banks A and B exchange messages in accordance with the rules established by the payment system. Therefore, the syntax and semantics of messages should be clear to both banks.
Issuer A, upon receiving a request from the service Bank B, verifies the accuracy of information about the card and its holder: the correctness of the card details and ID of the card holder, the status of the card in the Issuer’s system (active or blocked). After that, Bank A determines whether the funds on the client’s account are sufficient to pay for the requested service. If all checks were completed successfully, Bank A responds to Bank B’s request for permission to
making a purchase by first debiting (or only freezing) the amount of the purchase from the customer’s account, along with some of the commissions set by the customer.
Since the authorization of Bank A under the rules of any payment system is a guarantee of reimbursement of funds to Bank B from Bank L, the servicing Bank, in turn, allows the purchase operation to its merchant, thereby guaranteeing the latter a refund for the operation performed using the card. In most cases, if the servicing Bank provided the Issuer with reliable and sufficient information (according to the rules of the system) for authorization, the responsibility for the transaction in the event of a dispute (dispute) falls on the Issuer. In particular, if the transaction was performed using a fake card or a stolen / lost card, the responsibility for fraud is assigned to the card Issuer (the relatively recent shifts of responsibility towards the servicing Bank related to migration to the microprocessor card technology are not considered at this time).
The second part of non-cash payment for goods/services consists of payments between all participants of the transaction. As already noted, the merchant receives a refund for the purchase transaction from its service Bank. The servicing Bank, in turn, receives a refund from the issuing Bank. The payment system acts as the guarantor of payments between banks. This is its most important function. Payments are usually made without acceptance (i.e. without obtaining special permission from their participants) through special accounts opened by banks in settlement banks of the payment system.
Finally, the issuing Bank debits the transaction funds from its client’s account. Thus, with the participation and guarantee of the payment system, funds are transferred from the client’s account to the merchant’s account.
The basis for settlements between transaction participants can be authorization messages exchanged between the servicing Bank and the issuing Bank during the transaction. In this case, at the end of the business day, the payment system, based on the information available to it, makes payments for the past business day between all its clients-
mi-participants. System in which the calculations are made on the basis of the authorization of traffic, are called Single Message System (SMS).
Sometimes the rules of the payment system are such that in order to initialize payments between transaction participants, the servicing Bank must send a special financial message to the payment system, which is then transmitted to the issuing Bank. Only on the basis of this message will the payment system make payments between its participating banks for the completed transaction. A special message is called a presentation, and systems that perform calculations based on presentations are called the Dual Message System (DMS).
Today, international payment systems support both types of payment systems — SMS and DMS, giving preference to DMS systems for settlements on non-cash purchases. Although DMS systems are functionally more flexible, their technical support is more complex and expensive. As a result, the General trend is to switch payment systems to SMS mode.
In the payment system, from time to time, for various reasons related to the results of individual transactions, disputes (disputes) may arise between the issuing Bank and the servicing Bank. For example, a cardholder may claim that they have never made a transaction for which money was debited from their account, or that they have made a transaction for a different amount. Life is multi-faceted, and there can be many such “or”. To resolve disputes that arise, payment systems develop rules that provide for the use of special messages that are exchanged between banks participating in the system in the event of disputes.
In particular, if the issuing Bank believes that some transaction made on its customer’s card is incorrect, it sends a special message to the servicing Bank, called chargeback (refusal of payment). Based on this message, the payment network transfers funds related to the transaction that was rejected from the correspondent account of the service Bank to the account of the issuing Bank. The Issuer then transfers the returned money to the client’s account.
Usually, in accordance with the rules of the payment system, if the servicing Bank does not agree with the Issuer’s opinion, it can send it a second presentation. In this case, the Issuer understands that its next repeated refusal of payment will mean the beginning of an arbitration process between the banks participating in the transaction. The arbiter of the dispute is usually the payment system administrator. The Bank may also try to challenge the decision of the system administrator by applying to the court.
Non-cash transactions in payment systems are called transactions. Payment systems support various types of transactions: purchase, cash withdrawal at a Bank branch, cash withdrawal at an ATM, obtaining information about the customer’s account balance, etc.
Transactions also differ in the way card information is presented to the payment system. There are electronic transactions (card information is read from a magnetic stripe / chip) and voice authorization transactions (paper-based).
By definition, a CNP transaction (Cardholder Not Present) is a purchase operation using a plastic card, at the time of which the customer is not personally present at the merchant. In this case, the merchant informs the merchant of the card details (usually the card number and expiration date) required for authorization in absentia (by letter, phone, data network, etc.).
A special case of a CNP transaction is an e-Commerce transaction. An e-Commerce transaction is understood as a CNP transaction, in which data is exchanged between the plastic card holder and the merchant about the card details and the transaction via the Internet.
The ability to make a purchase in absentia (if there is no buyer at the point of sale) has always been attractive for both the buyer and the seller. For the buyer — because of the convenience of the method of purchase (without leaving home, at any time of the day, in a quiet mode without a queue, etc.), for the seller — mainly due to the possibility of reducing the overhead costs of organizing trade and the ability to advertise your product around the clock to a wide audience of potential buyers.
At the first stage of the development of “correspondence” trade, the most common way to order goods during the purchase process was by mail, Telegraph and telephone. This is why such transactions are called mail Order / Telephone Order transactions. The only problem at that time was the organization of payments for such purchases. The seller wanted to identify the buyer in advance and make sure of its creditworthiness. With the spread of plastic cards, this problem has been solved to a certain extent— trade enterprises have the opportunity to get relatively reliable guarantees of the customer’s creditworthiness.
The relative nature of the guarantee was that the probability of credit card fraud becomes unacceptably high when purchasing in absentia. To successfully complete an absentee purchase operation, it is often enough to know just the card number and its validity period.
Due to the increased risk of fraud in CNP transactions, on the one hand, and the attractiveness of such transactions from the point of view of commercial enterprises and, consequently, their servicing banks, on the other, payment systems allow such operations, while changing the distribution of responsibility for the financial result of the operation in the event of fraud. This change is formulated as follows. If an e-Commerce transaction is executed without using reliable technology, the responsibility for fraud in such transactions lies with the servicing Bank.
Today, reliable technology in international payment systems means mandatory online authorization using the 3D Secure algorithm. With the support of this technology, the distribution of responsibility for the transaction becomes classic: in the event of a conflict, if the data is correctly presented by the servicing Bank, the Issuer is responsible for the result of the operation.
Unfortunately, the first truly reliable e-Commerce algorithm, known as Secure Electronic Transaction (SET), has now been put out of use by MasterCard and VISA payment systems.

The physical characteristics of a plastic payment card are specified by the IS0/IEC 7810 standard: “Identification cards — physical characteristics”. This standard defines the nominal physical characteristics for three types of identification cards, called ID-1, ID-2, and ID-3. The ID-1 card type determines the generally accepted size and shape of the payment plastic card.
The ID-2 and ID-3 card types are large, but they match the other physical characteristics of the ID-1 card.
53.975 mm

The ID-1 ID card is a rectangle with a width of 85.595+0.125 mm, a height of 53.975+0.055 mm, and a thickness of 0.760+0.008 mm. the radius of the circle at the corners of the rectangle is 3.18 mm.
The IS0/IEC 7810 standard imposes strict restrictions on the permissible deformation of the map, especially near the area where the magnetic stripe is attached. The result of the requirements of this standard is a guarantee that when the ID-1 card is placed in the reader or printing device, the information from the magnetic stripe will be reliably read, and the embossed numbers will give a reliable impression. The card will not be damaged or distorted in any way.
The IS0/IEC 7810 standard also specifies the characteristics of the material from which the ID-1 identification card is made. According to the standard, the map must consist of polyvinyl chloride, polyvinyl chloride acetate, or “materials with equal or better characteristics”. The criteria for the quality of the material from which the map is made are the characteristics of its deformation. The IS0/IEC 7810 standard requires that after one side of the card is curved upwards by 35 mm (which corresponds to approximately half the width of the card), it must return to its original flat state with a deviation of 1.5 mm.
Interestingly, the longevity of the card is not stipulated by the IS0/IEC standards and is determined by “mutual agreement between the Issuer and the card manufacturer”.
The IS0/IEC 7811 standard, based on the IS0/IEC 7810 standard, establishes ways to encode information on an identification card using magnetic stripe stamping and recording methods. This specification is divided into five parts:
embossing (recording method);

  • magnetic stripe (recording method);
  • location of characters when embossed on the ID-1 map;
  • location of read-only magnetic tracks (tracks 1 and 2);
  • location of read/write tracks (track 3).
    Embossing (embossment) means the formation of relief symbols raised above the surface of the map. Raised characters form a surface that can be used to print these characters on special paper forms using a “printing press” called an imprinter. A special paper form is called a slip and consists of three copies processed with a special chemical composition that darkens in places that have been subjected to pressure.
    This form property is used when rolling a slip in the im printer. A map is placed in the imprinter, and a slip is placed on it, which is rolled on top with rollers. As a result, characters embossed on the plastic leave prints on the slip. One copy of the slip is given to the cardholder, the other remains in the merchant’s cash register (or cash point) as the primary document, and the third is transferred to the servicing Bank.

Embossed symbols are also used to visually identify the cardholder’s personal data. Therefore, these symbols are colored with special paint, usually silver, black or gold.
The ANSI/ISO/IEC 7811-1 standard specifies acceptable embossing characteristics, including the relief height of the embossed characters (from 0.46 to 0.48 mm), the spacing between the embossed characters (from 2.54 to 3.63 mm), and the size of the characters (4.32 mm).
The ANSI / ISO / IEC 7811 standard defines the location of characters when embossed on an ID-1 card, as well as the location of magnetic strips. As shown in Fig. 1.3, two zones are defined for embossing. The first one, with the middle line at a height of 21.42 mm from the lower edge of the card, is located just below the middle line of the card and allows the placement of 19 impressions of the digits of the card identification number. Immediately below it is an additional embossing zone with a size of about 14.53 x 66.04 mm. in this zone, 4 rows of 26 characters each can be used to form the name and address field. The zone is at least 2.41 mm from the lower edge of the map, and 7.65 mm from the left edge.Relief symbols have a bulge towards the front surface of the map.