IMGCAP(1)]
Visa Inc. and Fifth Third Bancorp are conducting new tests of an old fraud-prevention technology that evaluates the unique physical properties of iron in the magnetic stripes on payment cards, reports American Banker, a CardLine sister publication. These characteristics are different for every card and can function as a financial "fingerprint" to help prevent stolen account data from being used to produce counterfeit cards, the companies say. "The right long-term goal is to make data unusable to criminals and, therefore, reduce the incentive to steal it," Ellen Richey, Visa chief enterprise risk officer, said last week at Visa's Security Summit in Washington, D.C. Don Roeber, vice president of merchant compliance at Fifth Third Bank Processing Solutions, said at the summit his company has installed about 1,000 card readers that have the components needed to evaluate the iron particles in mag-stripes. During a transaction, the terminals verify the stripe is affiliated with the account number being used and then generate one-time codes to authenticate the transactions. Because the technology generates a new code for each purchase, issuers know if they see the same code twice the second transaction probably is fraudulent. Fifth Third is conducting the test at several merchants, which the processor would not identify. The test began in February 2008 and Visa expects it to run through June. Washington University in St. Louis developed the technology and began licensing it in 1999 to payment equipment manufacturer MagTek Inc. (CardLine, 05/17/99), now of Seal Beach, Calif. The technology runs on terminals from VeriFone Holdings Inc. of San Jose, Calif. Andy Deignan, MagTek vice president of global marketing and strategy, says the technology can work with any mag-stripe card. "Because each stripe is unique and because they are magnetic in nature, each stripe gives off a low-level noise that is unique to the card," he says. "We use those properties to authenticate the card itself." Once the reader authenticates the card, it generates a 54-byte string of data to authorize the transaction. This code changes every time the card is used, and each one can be correlated to the fingerprint associated with the card. The technology also considers the age and degradation of the mag-stripe when comparing it to reference prints that issuers generally keep.
