Criminals always seem to find a way to get around security measures, and the magnetic stripe is no different. The move toward EMV chips on credit cards is driven, in large part, by how easy it is for criminals to capture a customer’s information, then create a new magnetic-stripe card that can be used anywhere stripe-based cards are accepted.
In the 1960s retailers were using credit card imprinters, which made a copy of the embossed information on the card for the business to keep. The imprinting machines served their purpose, but they were time consuming, requiring manual checks initially and in later years phone verification for each sale. As more people started using credit cards and the transaction amounts increased it became clear there needed to be a better way to capture the customer’s data and process transactions quickly. Soon an IBM engineer came up with the idea of melting magnetic stripes that captured customer information onto plastic cards leading to a new milestone in the adoption of credit cards.
Inventing the Magnetic Stripe
Interestingly, the magnetic stripe (or strip) was not initially designed for credit cards. Forrest Parry, an engineer at IBM wanted to create a plastic identity card for CIA officials, and he was tooling around with magnetized tape. The story goes that Parry discussed his frustration with the process with his wife, who was ironing at the time, and she suggested ironing the strip to the plastic card. Once he figured out heat was the key to melting the strip onto the plastic, the magnetic stripe was born.
IBM took it from there. In the mid-1960s, Jerome Svigals led IBM’s project to find a way to make magnetic stripe technology work for credit card payments. Although Parry’s invention served as the foundation, Svigals’ team developed the technology that allowed information to be stored on magnetic stripes. The trick was to create a stripe that could cost-effectively be decoded by machines.
The first application of the magnetic stripe was in air transportation which served to introduce the new technology to the public and paved the way for the technology to be adopted by the credit card industry. Working with American Express and American Airlines, IBM first tried magnetic stripe card readers at O’Hare Airport in 1970. By 1973, it was being used on ID cards for bank and corporate employees and, over the decades that followed, it gradually became the standard.
How Magnetic Stripes Work
The secret in the technology behind magnetic stripes is the iron-based particles in magnets. For the particles to work, though, you need a corresponding reader that can produce a magnetic field. Since the information on the stripe can be modified, you’ll sometimes experience issues with magnetic stripe cards like hotel room keys being erased if it gets too close to an object with a magnetic field like a smartphone.
Although it’s too tiny to be seen, the iron particles on a magnetic stripe are actually in a coil called a solenoid. When introduced to a reader, that reader injects a voltage into the coil, which then allows the information to be recorded electronically. The type of stripe used on credit cards is more expensive than the one on a hotel card key, which means you can put your credit card close to your phone without worrying about erasing the data stored on it.
The Switch to EMV
All good things must eventually come to an end, and the magnetic stripe is losing its hold on the payments industry because of its vulnerability. According to New Republic, “A magnetic stripe contains all the financial information necessary to make a purchase. Once information gets stolen from a merchant, it can be encoded into a magnetic stripe and used with a new card. Smart cards in Europe and elsewhere encrypt that data and store it on a microchip, which is much tougher to replicate. More important, the cards also require a personal identification number (PIN) to work. This “chip-and-PIN” system introduces a second authentication, forcing thieves to have both pieces of information to successfully use the card. It’s a combination of advanced technology and simple common sense.”
Fraud has pushed the industry to find a way to more securely store information on the card, which has ushered in the EMV era. EMV is short for the three organizations that worked together to create the technology: Europay, MasterCard, and Visa.
With EMV, each transaction initiates a unique code, which means that even if a criminal intercepts the data, it’s useless beyond the current purchase. This embedded chip also makes it tougher for fraudsters to create fake cards using stolen information. Since making the official transition to EMV from magnetic stripes in 2015, Visa reports a near 80-percent drop in counterfeit payment fraud.
What’s on the horizon? For one, payments using radio waves are the next phase for the payments industry, but for the time being, consumers have cards equipped with EMV chips. Magnetic stripes still remain relevant, though, both as fall back for chips that fail and at locations like gas stations, which haven’t yet reached their mandatory compliance deadline. Stripes also remain on card keys at hotels, but that could change eventually, as well. The industry is gradually switching to smartphone-enabled systems that allow guests to access their rooms through a phone-generated digital key.
This post concludes the Cybersecurity History Calendar article series. We hope you enjoyed reading about the topics we featured as much as we did writing about the innovations that shaped the security industry.
For more on the cybersecurity history topics we covered please see the following posts.