Slashdot Mirror

← Back to Stories (view on slashdot.org)

Magnetic Stripe Snooping at Home

Posted by ryuzaki0 on from the because-you-can dept.

pbrinich writes "Have you ever wondered what information is actually stored on all those cards you have in your wallet? Well, it turns out you can find out yourself! An excellent project, Stripe Snoop started by Billy Hoffman, a Georgia Tech computer science student, contains schematics, source code and a wide variety of information about the standards used to store all sorts of information on your magnetic cards."

5 of 397 comments (clear)

  1. Missing Information by jgbishop · · Score: 4, Insightful

    I'm just shocked at what *isn't* on my cards. For example, every time I go to my bank's ATM, I have to indicate whether I want to do business in English or Spanish. Shouldn't that information be on the card? I mean, the card is *mine* - they know who I am. Surely that should indicate what language I speak...

    --
    Go, and never darken my towels again! -- Rufus
    1. Re:Missing Information by swillden · · Score: 5, Insightful

      I'm just shocked at what *isn't* on my cards. For example, every time I go to my bank's ATM, I have to indicate whether I want to do business in English or Spanish.

      Well, if you were the engineering committee assigned the task of defining the standard data structures to be placed on all ATM cards, thinking about account codes, card verification codes, etc., and realizing that you have limited space to work with without adding more tracks (meaning more expensive readers and perhaps even slightly more expensive cards), would it have occurred to you to put the cardholder's language preference in there?

      I can tell yout that it wouldn't have occurred to me. And these data layouts can't be changed without going through a formal standards process, because they have to work in every ATM in the world (and now at many grocery stores, department stores, etc.).

      So, I'm not surprised at all that that data isn't there. If you want to be surprised by this, you should probably be surprised that the bank didn't choose to store your language preference in their database and then look it up when you swipe your card. That's the sort of feature that a bank can offer to its own customers at its own ATMs without having to get the rest of the world to agree.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  2. Time to start the over/under pool by aendeuryu · · Score: 5, Insightful

    Since one of the listed articles talks about common security blunders with cards, it's time to start the over/under pool on how long it takes before this guy gets shut down by some corporation claiming DMCA violations.

    I call one week.

  3. Nothing new to thieves by szlevente · · Score: 5, Insightful

    I don't think articles such as this one will bring anything new to those who are in the business of credit card stealing. But it should serve as an eye-opener and for raising awareness for the average card user. Being a little more careful with that card should help a lot, I guess. Besides, I let the bank use my money for a reason, right? They should take the risk on themselves...

  4. Re:University IDs by dave420 · · Score: 4, Insightful
    What do you mean privacy? Someone could follow you around, quite legally, and make a note of ALL of that information. That's just as legal.

    I'm not being weird here, but if you're in public you don't have a right to privacy. That's why it's called public and not private.

    Fair enough if they were spying in your private residence or something, but seeing when you go into a room is nothing. Especially considering it's their university, so like you in your house, can do anything that doesn't violate a law. As they violated no laws, it's all cool.