OT: platby kartami, bolo Re: platba do americka
Pavel Novotný
novotny.pp na atlas.cz
Středa Srpen 18 15:31:30 CEST 2010
Ja si tim jsem jisty na 100%, nejstarsi kartu, kterou jsme nasel v supliku
je danska karta z roku 1997 a i na ni jiz PIN není.
Pokud jde o data na karte, je na to norma, zde je to co je na VISA
Track 1,
Start sentinel - one character (generally '%')
Format code="B" - one character (alpha only)
Primary account number (PAN) - up to 19 characters. Usually, but not always,
matches the credit card number printed on the front of the card.
Field Separator - one character (generally '^')
Name - two to 26 characters
Field Separator - one character (generally '^')
Expiration date - four characters in the form YYMM.
Service code - three characters
Discretionary data - may include Pin Verification Key Indicator (PVKI, 1
character), PIN Verification Value (PVV, 4 characters), Card Verification
Value or Card Verification Code (CVV or CVK, 3 characters)
End sentinel - one character (generally '?')
Longitudinal redundancy check (LRC) - it is one character and a validity
character calculated from other data on the track. Most reader devices do
not return this value when the card is swiped to the presentation layer, and
use it only to verify the input internally to the reader.
Track 2:
This format was developed by the banking industry (ABA). This track is
written with a 5-bit scheme (4 data bits + 1 parity), which allows for
sixteen possible characters, which are the numbers 0-9, plus the six
characters : ; < = > ? . The selection of six punctuation symbols may seem
odd, but in fact the sixteen codes simply map to the ASCII range 0x30
through 0x3f, which defines ten digit characters plus those six symbols. The
data format is as follows:
Start sentinel - one character (generally ';')
Primary account number (PAN) - up to 19 characters. Usually, but not always,
matches the credit card number printed on the front of the card.
Separator - one char (generally '=')
Expiration date - four characters in the form YYMM.
Service code - three digits. The first digit specifies the interchange
rules, the second specifies authorisation processing and the third specifies
the range of services
Discretionary data - as in track one
End sentinel - one character (generally '?')
Longitudinal redundancy check (LRC) - it is one character and a validity
character calculated from other data on the track. Most reader devices do
not return this value when the card is swiped to the presentation layer, and
use it only to verify the input internally to the reader.
Service code values common in financial cards:
First digit
1: International interchange OK
2: International interchange, use IC (chip) where feasible
5: National interchange only except under bilateral agreement
6: National interchange only except under bilateral agreement, use IC (chip)
where feasible
7: No interchange except under bilateral agreement (closed loop)
9: Test
Second digit
0: Normal
2: Contact issuer via online means
4: Contact issuer via online means except under bilateral agreement
Third digit
0: No restrictions, PIN required
1: No restrictions
2: Goods and services only (no cash)
3: ATM only, PIN required
4: Cash only
5: Goods and services only (no cash), PIN required
6: No restrictions, use PIN where feasible
7: Goods and services only (no cash), use PIN where feasible
Tak asi tak
PN
-----Original Message-----
From: hw-list-bounces na list.hw.cz [mailto:hw-list-bounces na list.hw.cz] On
Behalf Of APA
Sent: Wednesday, August 18, 2010 2:58 PM
To: HW-news
Subject: Re: OT: platby kartami, bolo Re: platba do americka
Ze to funguje trochu jinak je jasne. Ale ste si 100% jisty, ze hash pinu
neni na mag. prouzku?
Mam takove tuseni, ze synopsi rikal, ze je i v prouzku (a ze i z prouzku lze
rekonstuovat celou kartu). Ale hledat se mi to nechce.
Mimochodem jak vysvetlite, ze karty mbanky mely ve svete problemy (ze
znameho duvodu = ze na nich nebyl zapsan pin)?
2010/8/18 Petr Zahradnik <clexpert na clexpert.cz>:
> Původní zpráva ze dne 18.8.2010 od APA:
>
>> Pozorne sledujte terminal, nejprve vyhodnoti, zda je pin OK a az
>> nasledne vyhodnocuje online transakci (autorizaci) v kartovem
>> centru/bance...
>
> To je u čipové karty, protože čipová karta obsahuje kryptografický
> čip, který je chráněn tím PINem. PIN jde do čipu, čip podepíše
> transakci a pak výsledek putuje do kartového centra. Logicky čipová
> karta ověřuje PIN sama tím svým čipem. Od toho tam ten čip je.
>
> Zatímco u magnerického proužku to funguje úplně jinak.
>
> Petr Zahradník, počítačový expert
>
> ====================================================================
> Petr Zahradník, Computer Laboratory
> Obvodová 740/14, 400 07 Ústí nad Labem
> telefony: 910 256 000, 910 80 60 40, 475 501 627, mobil: 602 409 601
> web: http://www.clexpert.cz, e-mail: clexpert na clexpert.cz
> ICQ: 21215917, Live: clexpert na clexpert.cz, Skype: callto://clexpert
> ====================================================================
>
>
> _______________________________________________
> HW-list mailing list - sponsored by www.HW.cz Hw-list na list.hw.cz
> http://list.hw.cz/mailman/listinfo/hw-list
>
_______________________________________________
HW-list mailing list - sponsored by www.HW.cz Hw-list na list.hw.cz
http://list.hw.cz/mailman/listinfo/hw-list
__________ Informace od ESET NOD32 Antivirus, verze databaze 5375 (20100818)
__________
Tuto zpravu proveril ESET NOD32 Antivirus.
http://www.eset.cz
More information about the Hw-list
mailing list