By BankingMyWay.com Staff
The 2007 data heist of the TJX Companies (Stock Quote: TJX) computer systems, which reportedly affected 45.7 million customers, made many consumers question just what information is stored on their credit cards. In truth, the magnetic stripe, also called the magstripe, on the back of credit cards does not contain your most vulnerable personal information. It does, however, have enough information to make you susceptible to fraud and identity theft.
A credit card’s magstripe works similarly to cassette tape. It uses tiny magnetic particles, which are embedded in plastic, to encode information. The pole orientation of the particles—north or south—determines what is written on the magstripe. A magstripe can hold approximately 100 bytes of information. On a credit card, this information typically includes:
This information is all that is needed to process a credit card transaction. A credit card holder’s social security number (SSN) and address are not contained on the magstripe itself.
The information on a magnetic stripe is obtained when it is swiped through a reader, which is a microcontroller-based device. The information is formatted on three tracks, but only the first two are commonly used by credit card issuers. The reader is programmed to collect the data at the point of sale and send it via modem to an “acquirer.” The acquirer is charged with authenticating the information and guaranteeing payment to the merchant.
When a credit card is stolen, the information printed on the card itself is just as useful to thieves as the information contained on the magstripe. In most cases, the only security measure that prevents thieves from using a credit card is the signature, which can be easily forged. In self-serve kiosks (such as gas station terminals) where no one checks the signature, there are few impediments to fraud. Some gas stations are now requiring customers to enter the billing ZIP code to complete transactions, however.
The break in of the computer data systems of TJX Companies shows that retailers storing their customer’s credit card information may a bigger threat to consumers than the physical theft of a credit card. At least when a credit card is stolen, the consumer knows it and has the opportunity to cancel the card and prevent fraud. Once information from a magstripe is entered into a retailer’s data collection system, the consumer loses control over how well that information is protected.
The only way to protect yourself from the type of fraud some TJX customers experienced is to monitor your credit card statements and credit report carefully. The information stolen from your magstripe can be used to make duplicate credit cards, which thieves can use to draw money off your card or out of your account.
—For more ways to save, spend, invest and borrow, visit MainStreet.com.