—In recent years, the fraudulent cash withdrawal and transaction due to card skimming have become increasingly common. Even though cardholders are increasingly using smartcard and personal identification number (PIN) technology, there are businesses and services still rely on magnetic stripe data transaction in American and Asia-Pacific countries. The personal data on card’s magnetic stripe is not encrypted and hence prone to identity theft and counterfeit card frauds. This paper proposes a framework to enhance the security of magnetic stripe data transaction. The proposed framework consists of two main components: Electronic Transaction Card (ETC) and Issuer Authentication Software (IAS). The ETC is embedded with magnetic stripe emulator which dynamically generates a varying electromagnetic field when the credit/debit card is being swiped across the reader head. The dynamically generated electromagnetic field corresponds to user information that is typically encoded on a static magnetic stripe. The user information can include cardholder’s account number, encrypted Transaction Identification Number (TIN), and even secret codes to enhance the security. The IAS, at the card issuer’s backend mainframe system, decodes the user information together with TIN received from merchant’s point-of-sale terminal to authenticate the transaction. The proposed framework/infrastructure, with dynamic magnetic stripe data broadcast feature, counteracts card skimming and achieves an enhanced security for magnetic data transaction technology.
—Electronic smartcard, magnetic emulator, electronic payment system, healthcare system.
The authors are with the School of Computer Engineering, Nanyang Technological University, Singapore (email: email@example.com, firstname.lastname@example.org, email@example.com )
Cite: Lakshmisha Honnegowda, Syin Chan, and Chiew Tong Lau, "Security Enhancement for Magnetic Data Transaction in Electronic Payment and Healthcare Systems," International Journal of Engineering and Technology vol. 5, no. 2, pp. 331-335, 2013.