- American Express: 34xx and 37xx
- JCB: 35xx
- Visa: 4xxx
- Mastercard: 50xx to 55xx
- Discover: 64xx and 65xx
As stated the IIN accounts for the first six digits of the 16-19 digit credit card number, including the Card Verification Validation (CVV) code. The next seven to 18 digits represent the customer's account number; whereas, digits 16 to 19 are reserved for the CVV. Credit card numbers are validated using the MOD 10 algorithm. "The MOD 10 algorithm is a checksum (detection of errors) formula which is the common name for the Luhn algorithm." There are also a plethora of standards that are associated with magnetic based cards:
- IEC 7180 (format ID-1) defines the credit card dimensions.
- IEC 7812 defines the first digit of the IIN as a "major industry identifier":
- 0 - ISO/TC 68 and other industry assignments
- 1 - Airlines
- 2 - Airlines, financial and other future industry assignments
- 3 - Travel and entertainment
- 4 - Banking and financial
- 5 - Banking and financial
- 6 - Merchandising and banking/financial
- IEC 7813 mandates physical card characteristics and magnetic track data structures
If we look at an example credit card number provided by PayPal to test credit card numbers, we can easily parse it given the above information. For example, credit card number: 6011000990139424
- IIN digits: 601100 (Discover)
- Customer Account Number digits: 0990139424
- CVV: Omitted by Paypal to prevent usage.
Card swipers read data from the credit card's magnetic strip and display it based on the desired "track" number. It should be noted that hotel room keys also use this same format; although, the track type is subject to the implementation. It is easy to discern the first track based on the initial character or sentinel start. Track 1 begins with a start sentinel ASCII percent character "%" followed by the letter "B" denoting its format code. It is followed by the Primary account number (e.g., credit card digits) with each additional field separated by the "^" character. The CVV may also be separated from the PAN and is trailed by the end sentinel or "?" question mark. An example of track 1 data is as follows:
%B6011785948493759^DOE/JOHN L ^^^0000000 00998000000?
Track 2 data similarly initiates with a start sentinel (";") followed by the PAN and a separator of an equal sign ("="). Like Track 1 data, it's successor also has an end sentinel question mark character. Track 3 specifications for financial institution cards is outside the scope of this post.
Card Reading Tips:
- The following regext will parse track 1 data into its six groups:
- ^%([A-Z])([0-9]{1,19})\^([^\^]{2,26})\^([0-9]{4}|\^)([0-9]{3}|\^)([^\?]+)\?$
- For reading track 1 and 2 data, I have had some success with the following card swiper:
- "MagTek 21040108 Triple Track Magnetic Stripe Swipe Card Reader with USB Keyboard Emulation and 6' Cable, 50 in/s Swipe Speed, Black"
- Echo output to file on Windows OS
- C:\ TYPE CON > output.txt
- Press Ctrl + C to exit.
- Echo output to file on Linux OS
- $ cat 2>&1 | tee outfile
References:
- http://www.getcreditcardnumbers.com/
- http://publicaa.ansi.org/sites/apdl/Documents/Other%20Services/Registration%20Programs/Important-Info.pdf
- https://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm
- https://en.wikipedia.org/wiki/ISO/IEC_7180
- https://en.wikipedia.org/wiki/ISO/IEC_7812
- https://en.wikipedia.org/wiki/ISO/IEC_7813
- https://en.wikipedia.org/wiki/ISO/IEC_4909
- https://en.wikipedia.org/wiki/ISO/IEC_7813
No comments:
Post a Comment