Browse Prior Art Database

Limiting the Lifetime of Credit Card Data

IP.com Disclosure Number: IPCOM000199714D
Publication Date: 2010-Sep-15
Document File: 1 page(s) / 21K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to prevent misappropriation of magnetic stripe information. Magnetic stripe data (such as with a credit card numbers) can remain dormant for a very long time (even days) after a card is swiped. Consider the following scenario: 1. A retail customer swipes a credit card. 2. Software to read and handle the card data is not running. This magnetic stripe data (MSD) can remain in the point of sale (POS) hardware indefinitely, and it becomes a risk for theft.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 100% of the total text.

Page 1 of 1

Limiting the Lifetime of Credit Card Data

There are two main places where MSD can be dormant:

It can remain in the magnetic stripe reader (MSR)

It can remain in the possession of the software (such as a device driver) before

arrives at to its final destination.

Definition of Dormant MSD: MSD is dormant when it is stored too long after being

collected. The length of time can vary according to how it is used. For example: MSD

probably should be considered dormant in an MSR after no more than a few seconds.

Otherwise another customer could make a purchase using the first customer's credit

card. MSD should be considered dormant in a retailer's database for a few days or

weeks - however long it takes for them to get payment.

Method 1:
When software attempts to read dormant MSD from the MSR, the MSR either returns

null data or it produces an error condition.

Method 2:

The device driver reads MSD directly from the MSR into an encapsulated MSD object

(EMSDO). The EMSDO contains two pieces of private data:

MSD (for added security, this should be encrypted)

A time stamp (this time stamp is saved when the MSD is collected)

The EMSDO is immutable. All EMDSO reads will compare the current system time with

the private time stamp. If the MSD is found to be dormant, the read method either

throws an exception or it returns null data. If the MSD is not dormant, the MSD is

returned.

1