What do you guys know about Card-Swipe-Readers?

[Buddha Bart]

College ID's use them, Library cards use them, drivers licences, credit cards, etc

A friend and I are trying to figure out more about how these work. Anyone know of any good resources (most web pages I can find just want to sell me stuff)? Know of a reader that will just give you the raw data into a PC? What about a writer?

bart

 

[hans007]

the ones here at school work like this. Your ID number is the only thing on your card. The card readers go into an ethernet port, where it goes onto some server apparently with your info. Figured this out one day , because at my school you can put like bruin cash on your card or something. So you go to a machine and you slide the card in, but then you dont leave it in to put in the money, it just adds to your account, so i'm assuming all the card has on it is your ID number, maybe your name and i think the residence hall so that it can open doors only in certain places

 

[wake]

I know someone who is self-employed building and programming these things for banks and what have you. If you need this info for legitimate activities I could get his email for you..

 

[Mark R]

Digital data is stored on swipe cards on the magnetic strip - this strip is essentially the same stuff as the magnetic tape found in audio and video tapes; it is trivial to 'make' a swipe card from a piece of card and strip of video tape. As you swipe the card past a pick-up coil, the changes in magnetization are converted into a changing electrical current. Recording is achieved in exactly the opposite way.

In commercial security systems, it is usual that the only info on the card is an ID number - everything else is stored on a central server.

The server contains information about which doors you can open, how much credit you have on your account, etc. Most servers also keep a record of when and which doors you opened/attempted to open, etc. to allow auditing and detection of suspicious behaviour.

For extra security, some systems, as well as storing the ID number on the card, store a password. The first stage of verification is for the server to check that the password matches that stored in its database. This prevents a hacker just programming 100 or 1000 cards with random ID numbers in the hope that he will find some that work.

Some variants of this system also include an encrypted copy of the data on the card. The card reader is then able to decrypt the security data and check it with the unencrypted data. This check can be done without access to the central server - this means that even if the network or server is compromised and ID numbers and passwords obtained, it still won't be possible to make fake cards.

A few years ago, a massive operation to rip-off ATMs was uncovered in the UK. When raided they were found to have hundreds of custom made 'spyware' replacements for telephone exchange line cards - the plan was evidently for insiders at the tel. co.s to swap out the line cards serving banks and ATMs are replace them with the modded versions which would harvest the traffic.

It is unclear if they would have succeeded even if they had not been caught - for a start all communications to/from ATMs are encrypted, and also the cards are protected by a mechanism similar to that described above, so that even if they had obtained valid data, they couldn't have made any fake cards.

 

[Noriaki]

Like Mark R said, it's more or less the same thing as Tape backups (or VCRs, or even audio tapes) tapes magnetic type.

I can extend you the same offer as wake, if you want detailed information I work with people that could give it to you, but you'd have to prove to them that it's legitimate. If you just want the general idea Mark R's post explains it in more detail than most people need.

 

[~zonker~]

Mag Stripe Readers (cheap??)

More Info on Standards Here

 

[Buddha Bart]

Well basically my curiosity started like this.

My card is starting to fail at the reader to get into my building. And yet, odly enough, it works find at all the snack machines, cafe's, and cafeteria. So I began to think that the card must have diffeernt info for different machines. For instance, building acces on one line, money on another, etc.

Other than that, its mostly because I'm a geek, and once I get into somthing I tend to try to be an expert before I stop reserachign it

bart