Method for finding out counterfeiting of "magnetic card" such as bank card and gift card

"Magnetic card" which records information on a magnetic stripe affixed to a plastic card is widely used such as a bank cash card, a credit card, a gift card sold at convenience stores and so on. However, in recent years, equipment that can freely rewrite the contents of the magnetic stripe is readily available, and it can be said that it is always exposed to the risk of receiving counterfeit damage. Brian Krebs, a security expert, introduced a method for finding out counterfeit cards found by the research team of the University of Florida with high precision, and disseminates methods for consumers not to suffer damage.

The Cards Are not Alright: Detecting Counterfeit Gift Cards Using Encoding Jitter

Detecting Cloned Cards at the ATM, Register - Krebs on Security

For bank cash cards and credit cards, cards with embedded IC chips with higher security are being used, but gift cards sold at convenience stores and other stores are magnetic with magnetic stripe Cards are used. The act of reading the contents of this magnetic stripe and taking away the usage right (= money) purchased by another person from the side is a problem.

By401 (K) 2012

In such gift cards, in many cases, gift cards are not allowed to use until the purchaser pays money at the cash register and further scraps back the scratch part and registers the PIN code, but this strategy There is a way to avoid.

It is "to paste a scratch part newly" which is gone if it is scraped off, and "to monitor the status of the card with a net etc". The criminal obtains the serial number and PIN code of the gift card placed at the shop front, pastes the scratch part after confirming the PIN code, and returns it to the original place. Then, customers who really asked for gift cards will not pay attention to the card whose number was stolen and will pay at the cashier.

After that, the criminal logs in to the net using the gift card serial number, and it is time to see when the purchaser activates the gift card in the formal procedure. When it is confirmed that the activation is actually done, the criminal uses the counterfeit card prepared in advance and the original buyer uses the contents before actually using the card .

The research team at the University of Florida, who studied measures to deal with this problem, has focused on the fact that the magnetic writer used by criminals has "sweetness of writing accuracy". The research team used a device capable of visualizing the information recorded on the magnetic stripe and investigated the position and information at which position is recorded.

Then, the following image was obtained. The magnetic stripe of this card has "track 1" that can store 210 bits of information per inch and "track 2" of 75 bits, and the magnetic plus is shown in blue and the minus in red is shown in red .

And when comparing the recording situation of regular card and counterfeit card, it is said that a clear difference was confirmed. The physical distance at which each bit is recorded in the regular card (upper row) was about 320 μm and it was not so scattered, but in the counterfeit card (lower row) the distance was about 350 μm, and the variation was also I know that it is getting bigger.

The graph below shows the variation of the bit-to-bit distance over the entire card. On the regular card of green, the line of the graph concentrates around 320 μm and the swing width is also small, whereas the graph of the counterfeit card is larger than the regular card, and the graph also rises up and down, It is shown to be in a sweet state.

According to the research team, the counterfeit judgment device based on this result can detect forged card with probability of almost 100%. It is a result that is likely to bring light to banks and the retail industry, but in fact surprising circumstances have been found that industry personnel are not ambitious to concentrate on this field too much.

The reason is that IC cards are already spreading in the world of cards. Everyone has a sense of resistance against investing from traditional magnetic cards in the situation where IC cards with high security are present, and bear the cost of installing counterfeit determination machines in ATM etc. There seems to be few people who are passionate about it.

On the other hand, there is a cost problem regarding gift cards as IC cards. It is said that it costs 2 to 3 dollars (about 220 yen to 330 yen) per piece to create an IC card, and the cost will eventually be passed on to the selling price of the card. Since it is not acceptable for anyone to purchase "1000 yen card" with 1300 yen money, it is considered unlikely that IC cards will be introduced into gift cards.

ByCheon Fong Liew

Apparently, it is hoped that it will be possible to adopt a mechanism with high security for gift cards using traditional magnetic cards. Nonetheless, consumers are affected by gift card fraud using such counterfeit cards. In order not to suffer damage, Mr. Krebs noted that the following points should be noted.

· If possible, purchase cards directly from shops and restaurants issuing gift cards
· If you buy a resale card from the web, check the purchaser's review and choose the other party with no bad evaluations
· Confirm remaining balance before and after purchase of gift card and check if there is any strange situation
· It is the seller, not the company listed on the card, to guarantee the balance of the resold gift card. If you are suffering from fraud, you may be able to receive a refund from the company in some cases, so it is also effective to contact with the expected half.
· When selling gift cards on the net, do not tell PIN code until you can confirm payment from buyer
· When buying gift cards online, you should be wary of those who do significant discounts or set sale

In the following article you can read how you can visualize how information is recorded on credit card magnetic stripes and hard disk in a simple way.

Science to enjoy with magnetic stripe of credit card - GIGAZINE

in Hardware,   Security, Posted by darkhorse_log