Hi Dw

I'm currently doing my research on card development and processing. I've found out that this card has three tracks, but only tracks 1 and 2 are encoded. Looking at this data, I wondered whether there is a way to decrypt the info stored on this card, because track one has some numbers, a ^, my name, a space, a / and some more numbers. I just read ANSI x4.16 and saw that these numbers represent information, so I thought of developing a program to decrypt it, but the question is how to do that in VB.

Does anyone know how to do this, or have some references or documentation that I can look at?

Thank you.

Wiki seems to provide useful information, more specifically:

"Each track can either contain 7-bit alphanumeric characters, or 5-bit numeric characters."

It also provides information on each byte depending on the card. Bear in mind that, depending on the card and what is written to it, the values can be any alphanumeric combination.

I don't think "as a standard" the data is encrypted at all.

Edited 2 Years Ago by J.C. SolvoTerra
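As an added illustration (not part of any post in this thread): a track 1 record in the common "format B" layout from ISO/IEC 7813 is delimited plain text, so reading it is field splitting rather than decryption. The module and function names, and the sample record built from a well-known test number, are constructed for this example; it assumes the expiry date and service code are both present.

```vbnet
Imports System

Module Track1Demo
    ' Fields of a track 1 "format B" record: %B PAN ^ NAME ^ YYMM SVC DISCRETIONARY ?
    Structure Track1
        Public Pan, Surname, GivenName, Expiry, ServiceCode, Discretionary As String
    End Structure

    ' Returns False for anything that is not a well-formed format B record.
    Function ParseTrack1(raw As String, ByRef t As Track1) As Boolean
        t = New Track1()
        If raw Is Nothing OrElse Not raw.StartsWith("%B", StringComparison.Ordinal) Then Return False
        Dim endPos As Integer = raw.IndexOf("?"c)          ' end sentinel
        If endPos < 0 Then Return False
        Dim parts() As String = raw.Substring(2, endPos - 2).Split("^"c)
        If parts.Length <> 3 Then Return False              ' PAN ^ NAME ^ rest
        Dim pan As String = parts(0).Replace(" ", "")
        If pan.Length = 0 OrElse pan.Length > 19 Then Return False
        For Each ch As Char In pan
            If ch < "0"c OrElse ch > "9"c Then Return False ' PAN is digits only
        Next
        Dim rest As String = parts(2)
        If rest.Length < 7 Then Return False                ' YYMM + 3-digit service code
        Dim names() As String = parts(1).Split("/"c)        ' SURNAME/GIVEN NAME
        t.Pan = pan
        t.Surname = names(0).Trim()
        t.GivenName = If(names.Length > 1, names(1).Trim(), "")
        t.Expiry = rest.Substring(0, 4)
        t.ServiceCode = rest.Substring(4, 3)
        t.Discretionary = rest.Substring(7)
        Return True
    End Function

    ' Keep only the first 6 and last 4 digits when displaying or logging a PAN.
    Function MaskPan(pan As String) As String
        If pan.Length <= 10 Then Return New String("*"c, pan.Length)
        Return pan.Substring(0, 6) & New String("*"c, pan.Length - 10) & pan.Substring(pan.Length - 4)
    End Function

    Sub Main()
        ' Constructed sample record, not data from a real card.
        Dim sample As String = "%B4111111111111111^DOE/JOHN^25121010000000000?"
        Dim t As New Track1()
        If ParseTrack1(sample, t) Then
            Console.WriteLine("PAN: " & MaskPan(t.Pan))
            Console.WriteLine("Name: " & t.GivenName & " " & t.Surname)
            Console.WriteLine("Expiry (YYMM): " & t.Expiry & ", service code: " & t.ServiceCode)
        Else
            Console.WriteLine("Not a format B track 1 record")
        End If
    End Sub
End Module
```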

Thanks, I've just found a very interesting post labeled "How to Break VISA PVV", and it gives a guide on how to access the info, but it focuses on PST, PVV, and bank PIN. The problem with that guide is that it uses some off-topic math which is way complicated and hard. Here is the link to it: http://www.gae.ucm.es/~padilla/extrawork/visapvv.html. The other problem is how to do these calculations in VB.NET, because I had a problem with the ~ sign.

Did you know that the only data stored on a bank card is the information that is actually printed in plain view on the card? PIN, address etc. aren't in the magnetic data.

I once did an introduction to smartcard development using Java and Gemalto or something like that, but I didn't have it then, so I used the JavaCard SDK, which enlightened me somewhat. Keep in mind that the PIN, as you said, is not encrypted within a card; the PIN is verified instantly. As for an ATM, when inserting a card you are waking up the ATM services, and they are offline till you enter a PIN. Then, if your PIN is correct, there are two programs running. One gets the response (data) from the CC (Control Center) and creates a text file in drive C:\ with data similar to what is available on the card, so that the card can be updated and the data matched easily and fast; that is why the data is in plain text. There is another program that gives this text file an existence of a few seconds after it was created; that time is actually the file existence timeout. While this time hasn't passed, the third program is feeding (writing the data back to the card), then the second program deletes the file.

If you want to test this out, take for instance a Verifone POS terminal and, on the back, remove both SIM cards or replace them with SIMs with a balance of 0.00 for both airtime and data, so that it won't connect online. Then take your card after turning the device on and swipe; you will see what it will display.

Another better example is that the card has quite a number of tracks, I think 6, but we are only using 3, and we mostly use 2, which are Track1 and Track2. You know that Track3 was mainly designed to let customers use ATMs even when they are offline. Now just a simple question based on this: if the card wasn't encrypted with a PIN, how would the offline ATM verify that the user is actually the owner of the card?
