Payment Card Industry meetings address future of card security

PCI Security Standards Council meetings review issues such as card fraud and encryption but overlook solutions

The Missing Piece

As previously mentioned, some inaccuracies do exist within the Emerging Technology review. Most notable was the failure to recognize that there are embodiments of magnetic stripe imaging that also provide dynamic payment card data features. This lack of recognition was an unfortunate omission of information because it would have allowed the audience to understand that it is possible to completely secure payment transactions using the magnetic stripe cards that exist today. Also missing from the presentation was the ability to discuss technology platforms that combine multiple elements of the aforementioned security capabilities into a single platform.

While some experts are proposing to phase out magnetic strip cards in favor of more expensive contactless payment systems or chip technology, there are alternative technologies that offer a cost-neutral solution that won't require the reissuance of the three billion cards in use today. One example is our own technology from MagTek called "MagneSafe."

Dynamic Card Data Authentication Via Digital Fingerprints

Much like our DNA, no two pieces of magnetic tape are the same. Each stripe on the back of a credit card contains billions of ferrous oxide particles of various shapes and sizes that mix in random patterns when the magnetic slurry is prepared. Those patterns are sealed in place when the slurry dries during the tape manufacturing process and give the stripe a unique identity or fingerprint. The distinct magnetic signal, like a human fingerprint, remains largely unchanged for the life of the card, yet provides dynamic data characteristics each time it is used.

During a card transaction, the technology reads the unique and dynamic magnetic noise or 'magnetic fingerprint' that is imbedded in each magnetic stripe card, and compares it with a 'reference print' on file. By reading this information, the system can determine in real-time whether a card has been copied, cloned or tampered with, and in doing so, can help the financial community render every counterfeit card worthless. Most importantly, this technology also provides a dynamic card data value that is unique for each transaction. In doing so, it provides the ever important "dynamic payment card data" capability that is referenced in the PCI Emerging Technology report. In short, MagneSafe provides the benefits of both card authentication and dynamic card data for each transaction.

Such a method of dynamic card data authentication would allow for complete end to end security of cardholder data and would provide a means to detect and eliminate the use of counterfeit payment cards. Importantly, these security capabilities would lessen the value of stolen cardholder data to the criminal community because it would eliminate their ability to redeem value from the stolen data via counterfeit cards. Additionally, the technology can provide these capabilities while utilizing the existing magnetic stripe cards that consumers already carry in their wallets today. In other words, banks and financial institutions will not need to reissue or change existing magnetic stripe cards, and consumers don't need to change existing behavior. Not to mention that this technology costs a fraction of a penny per card, which is less than many alternative solutions on the market today.

As the card payment community considers the information presented at the recent PCI Community Meetings, we should embrace the idea that overall card payment security needs to go beyond protection of data to include authentication and dynamic data elements as well. As this thought process continues, it is increasingly important to recognize that there are existing authentication technologies that are proven alternatives which would allow the United States to secure its card payment infrastructure with existing magnetic stripe technology.