We usually use it daily credit or debit cards, as well as SIM cards for connected devices. However, these magnetic stripe or chip-based cards are relatively unknown in terms of how they work. Here we will make an introduction on the subject so that you know more about these cards.
In addition, you will learn that you can also use these boards for your projects, such as IoT projects, card readers with Arduino, and much more…
How a magnetic stripe card works (credit/debit card, others)
There are still magnetic stripe cards, but it is slowly becoming a relic of the past. Whatever it is, it is nothing more than a plastic or paper card, about the size of your palm, with a dark stripe on the back. That dark part is the magnetic stripe, where your information, such as your name, account number, and expiration date, is stored, embedded in tiny iron particles inside the stripe using magnetism. That is why they were so delicate and you couldn’t leave them near strong electromagnetic sources or you couldn’t damage that part with scratches, wear, etc., because the information would be lost and they would stop working…
When you swiped your card through a reader (such as at a store cash register), the reader would “decode” the information on the strip, granting you access or processing your payment. band had three tracks (Track 1, Track 2 and Track 3), each with different data, each with its own data format and storage capacity. The reader head detected changes in the magnetic field of this band and converted them into electrical signals that could be processed by the electronic device.
Currently, there are several manufacturers of this type of cards, companies that supply companies such as American Express, VISA, MasterCard, etc., such as Zebra Technologies, Evolis, Matica Technologies, Nisca, and Datacard, among others.
History
The concept of magnetic data storage using coated stripes is credited to a German engineer in the 1920s. However, the magnetic stripe card itself came in the 1960s, with an American engineer at IBM credited with inventing, that is, combining the German idea with the plastic card. The story goes that the tip of his wife's iron solved the problem of attaching the magnetic stripe to the card. American Express is believed to have been the first to introduce magnetic stripe credit cards in 1970.
Despite facing initial challenges, IBM managed to develop a method to securely attach the magnetic stripe to the card using heat. This pioneering work by IBM laid the groundwork for the creation of the magnetic stripe cards we know today. Beginning in 1969, significant technological advances were made that allowed the technology to be standardized and implemented on a large scale.
FOR ensure interoperability and security For magnetic stripe cards, several international standards have been established. These standards, such as ISO/IEC 7810, 7811, 7812, 7813, 8583 and 4909, define the physical characteristics of cards, including their size, flexibility, magnetic stripe location, magnetic characteristics and data formats. In addition, the standards also specify characteristics for financial cards, such as the assignment of card number ranges to different issuing institutions.
Vulnerabilities
Unfortunately, magnetic strips were vulnerable to fraudA device called a “skimmer” could be placed at ATMs or gas pumps, silently reading your card information so criminals could create counterfeit cards. This skimming caused significant financial losses, as you may know from a case of your own or from news reports.
Although magnetic stripe cards may last a few more years, his days are numbered. Major credit card companies are phasing them out in favor of more secure chip technology. By 2029, Mastercard, for example, will stop issuing new magnetic stripe cards (except for prepaid cards in certain regions), and other providers are doing the same.
These chips, often called EMV chips (named after the companies that developed the technology), store the same information as magnetic stripes but offer significantly better security. Think of it as upgrading a simple lock to a high-tech security system, without being vulnerable to so-called skimming.
While EMV chips have become the standard in many countries, the transition has been slower in some places, particularly the United States. This is primarily due to the cost of upgrading card readers. However, as the benefits of EMV become more apparent, the shift is accelerating.
How a chip-based card (SIM card, credit/debit card) works
In this section, we have to differentiate between SIM card chips and bank card chips, as they have slight differences:
SIM Chips
A SIM card, short for Subscriber Identity Module (Subscriber Identity Module) is a small chip embedded in a small plastic card. It is the heart of GSM (Global System for Mobile Communications) networks and acts as a key player in connecting users to the mobile network.
Thanks to these cards you can identify and authenticate the user within the mobile network The SIM card is a secure, secure and secure communication service provided by the communications provider, as well as providing connectivity services, data storage such as contacts and other information, and other functions. A SIM card also stores information such as the subscriber identification number (IMSI) and other personal data of the user. When the SIM card is inserted into a mobile device, it sends the IMSI to the base station for verification. The base station uses the authentication key to verify the user's identity and establish a secure connection.
As you may know, there are several types or formats of SIM cards depending on their size, such as conventional SIMs, which are the largest, MiniSIMs, MicroSIMs and NanoSIMs, each one smaller than the last, and which have appeared as mobile devices have advanced. In addition, embedded cards have now appeared, which are soldered into the device itself, the so-called eSIM or embedded SIM.
Whatever type it is, they all work the same. Stores information This is crucial in a chip that cannot be seen with the naked eye when looking at the card, but is located under the gold contacts that are visible from the outside. These contacts are electrically linked to the inputs and outputs of the embedded chip, so that the contacts of the card reader can make contact with these gold tracks and thus access the chip.
These chips were first manufactured in the 60s, with the first smart cards using small MOS chips with memories such as EEPROM to store certain information. However, the SIM card as we know it was an ETSI specification, called TS 11.11, which was introduced later and has been manufactured by a number of factories, such as SecureID Limited, Japan Aviation Electronics Industry, Cardzgroup Limited, EDCH, Ingo Stores, Workz, MelitaIO, etc.
There are currently billions of such chips circulating around the world in all kinds of mobile devices and also in other areas that require data connectivity, such as IoT.
If we go into more technical details, we find that SIM cards use chips that operate at 5v, 3v and 1.8v In the latter cases, it depends on the type of card. The chips are only a few millimetres in size, on a small silicon wafer, 4x4mm, and with gold contacts.
On the other hand, the capacity of these cards is usually not too high, they range from 8 KB of the first ones, to some current ones of 256 KB, but all of them can store a maximum of 250 contacts from our address book, and the rest of the memory is reserved for other information: ICCID, IIN, MIM, Check digit (used for the Luhn algorithm), Ki (or Authentication key) of 128-bit, etc.
With this you can do it the authentication process:
- When the device with the SIM card inserted is switched on, it obtains the IMSI and sends it to the mobile operator, requesting access and authentication. The mobile device may have to enter a PIN into the SIM card before it reveals this information.
- The operator's network searches its database for the incoming IMSI and its associated Ki to identify whether it is a user subscribed to the network service.
- The provider's server generates a random number (RAND) and signs it with the Ki associated with the IMSI, calculating another number that is divided into the Signed Response 1 (SRES_1, 32 bits) and the encryption key Kc (64 bits) using an encryption algorithm.
- The operator then sends the RAND to the mobile device, and it will be written to the SIM. From there it is signed with the SIM's Ki, producing in turn a Signed Response 2 (SRES_2) and Kc to the device where the SIM card is inserted and the device in turn sends SRES_2 to the operator's network.
- The calculated SRES_1 is now compared with the calculated SRES_2 returned by the mobile device. If they match, access to the network services is granted. All this is done in a matter of seconds…
EMV Chips
EMV is a technical standard for smart payment cards and payment terminals. and ATMs that can accept them. EMV stands for “Europay, Mastercard and Visa”, the three companies that created the standard. Although it may seem like a very different technology from SIM card chips, they are actually quite similar, which is why I have grouped them together in this section. In fact, even at first glance they look very similar.
EMV cards are smart cards that store data on integrated memory chips, as in the case of SIM cards. However, compared to magnetic stripe cards, security has been improved, with new advanced encryption algorithms to protect data and prevent cloning, making them invulnerable to classic skimming. Although they are not free of vulnerabilities, at least their multi-factor authentication provides more security for transactions.
The PIN that we all use with our cards is stored in the chip under encryption using secure algorithms such as Triple DES, RSA and SHA. In addition, some credit/debit card providers also provide proprietary security solutions such as Verified by Visa, Mastercard SecureCode, Strong Customer Authentication, etc., which are software-based when these chips are read by readers.
As to process In this type of cards, it is as follows:
- Application selection.
- Start of the application process.
- Reading application data.
- Processing restrictions.
- Offline data authentication.
- Certificate.
- Verification of the card holder or card reader.
- Terminal risk management and taking action if necessary.
- Analysis of card actions.
- Transaction authorized online…
EMV chips, whose first version of the standard was published in 1995, have come with several new revisions with two levels of compatibility: Level 1 for physical, electrical, and transport interface compatibility; Level 2 for payment applications and financial transaction processing.
How RFID contactless cards work (MIFARE and NFC,…)
The cards MIFARE, NFC and RFID are technologies that allow identification and data exchange wirelessly, at short distances, without the need for contact, as in the case of the previous ones. Although they are often used interchangeably, each has its own particular characteristics.
- RFID (Radio Frequency Identification): RFID is a technology that uses radio waves to uniquely identify objects. An RFID tag contains an embedded chip and an antenna. When brought close to an RFID reader, the tag sends a unique identifier to the reader. This system is used in a wide variety of applications, from access control to inventory management.
- MIFARE: is an RFID specification developed by NXP Semiconductors. It uses the 13.56 MHz frequency and offers different levels of security and storage capacity. MIFARE cards are commonly used in access control systems, public transportation, contactless payments and other applications that require secure identification.
- NFC (Near Field Communication): short-range communication that enables connection between electronic devices. NFC is a subset of RFID that operates at the same frequency (13.56 MHz) and uses open standards. Smartphones, contactless credit cards, and other devices can use NFC to make payments, share data, and connect to other devices.
Any of these cards works through a chip with stored information that can be read by a contactless reader from a certain distance. Typically you just need to swipe the card nearby, not swipe or insert it into a slot as with previous technologies.
In order for them to work, they have a small chip that acts as a brain and stores the information to be transmitted. They can only store a very small amount of data. On the other hand, they are complemented by an antenna (a kind of conductive coil, sometimes flexible) which is the part that allows communication between the card and the reader, and which is used for the waves emitted with the information. It is precisely for this reason that they can be insecure, since with a nearby reader said information could be intercepted…
Arduino board modules
Finally, you should know that There are modules for Arduino that you can use to start experimenting with these cards, and thus learn or take advantage of their operation for your projects. You can use them to create identifiers for access with electronic locks that you have created, as well as other detection, traceability, clocking, etc. systems. If you are interested in this, you can see these devices that we recommend:
I hope I've helped!