Is this the end for the magnetic stripe?

3 months ago 43

As he slipped the key card into the reader on his hotel room door and tried the handle - to no avail - he realised what he had done.

For years, Steven Murdoch, a security researcher at University College London, had taken care not to put tickets or cards with magnetic stripes in his pocket next to his smartphone. This is because the magnets in smartphones are sometimes strong enough to wipe the data on magnetic stripes.

But so-called magstripe hotel key cards are rare these days, increasingly superseded by contactless cards with radio frequency identification (RFID) chips inside them.

As such, during his hotel visit in January this year, Prof Murdoch forgot to take precautions and, he concludes, wiped his room key – having used it only once.

“I should have known better, this is the sort of thing I do know about,” he says. Upon arriving back at reception, he realised he was not alone.

“There was a queue of people with exactly the same problem as me,” he recalls.

The magnetic stripe was invented by an IBM engineer, external in the 1960s – his wife was instrumental in the process as it was she who suggested melting a strip of magnetic tape onto a card using a clothes iron.

In the decades since, magstripes have been used on bank cards, rail tickets, IDs and even cards containing medical information, to set up hospital machines.

But that murky brown strip of plastic usually made with polluting heavy metals may not be around for much longer.

From this year onwards, for instance, Mastercard will not require banks to put a magnetic stripe on debit and credit cards.

For ticketing, new technologies including printable barcodes and reusable contactless cards are considered more environmentally friendly and potentially more convenient.

You also can’t wipe them by accidentally putting them too close to your iPhone.

There are, broadly, two kinds of magnetic stripe, called HiCo and LoCo. The latter is cheaper, less durable, and more susceptible to disruption from magnets, says Lee Minter, head of global operations at Nagels, which makes magstripe tickets and other products. Recently, the company investigated reports from a customer who said multiple magstripe tickets they had bought had got corrupted.

Mr Minter says he can’t be 100% sure but he and his colleagues are of the opinion that it was caused by part of a circular magnet within the customer’s iPhone.

“It matched perfectly to the area which had been wiped,” he says.

In response, Apple says: "Smartphones and other items contain magnets or components that may have a risk of demagnetizing low coercivity cards. To prevent this from happening, users should keep these cards stored separately."

While such disruption remains relatively rare, Mr Minter says that the magnetic stripe is declining in popularity either way. Of the five billion tickets Nagels prints every year, less than one-fifth now have magnetic stripes, he estimates.

Mr Minter is keen to stress the potential of thermally printed paper tickets, much like receipts, which are now being used in trials at multiple rail stations around the UK. These come with a QR code that can be used on ticket barrier scanners. There is a separate code on the back to stop people forging tickets.

Stuart Taylor, head of commercial development at Northern, a train operator, says 70% of his firm’s customers now buy digital tickets and that Northern could axe the familiar orange-trimmed, magstripe-sporting versions in just five years’ time.

“There is a clear environmental benefit,” says Mr Taylor. “Times change, I guess.”

Northern is now trialling the thermally printed paper tickets made by Nagels as an alternative. There have been some issues with printer jams and the tickets getting stuck in ticketing machines but these problems have largely been addressed, says Mr Taylor.

He emphasises that there are no plans to withdraw paper tickets, nor to cut any staff involved in ticket sales.

Are there any benefits to keeping magstripe cards or tokens around?

“No,” says Sue Walnut, product director for intelligent transportation systems at Vix Technology, bluntly.

She argues there are now so many different ways of validating a rail ticket - for example, QR codes presented on phone screens, tickets printed at home, prepaid contactless cards - that there is less need to retain magstripe technology than ever before.

But magstripe tickets and entry cards do slot conveniently into credit card holders in wallets and purses. The new paper tickets being trialled by Northern and other rail firms are larger. “They are a bit unwieldy and cumbersome,” says Ms Walnut.

Magstripe has hung around for so long partly because it is relatively cheap and the specifications for reading machines were put in place many decades ago, says Stephen Cranfield at Barnes International, which makes equipment for magnetic stripe testing.

“If you took your card today and used it in a magstripe reader from 1970, it would still be able to read it,” he says.

His firm has worked on a variety of systems - including one designed to allow kidney failure patients to use a magstripe card for setting up their dialysis machine.

Despite the ubiquity of dark brown or black magstripes, they can actually come in a whole range of colours. “It’s quite popular in China, actually – gold stripes,” explains Mr Cranfield.

But now that US banks are finally switching to chip and PIN cards, the market for magstripe is clearly dwindling.

Prof Murdoch says although magstripe technology is extremely well established, it is “inevitable” that it will gradually disappear. One downside to that, he suggests, is that magnetic stripe failures and fraud are currently well understood. Newer technologies, while in theory more secure, may also be more complex - and therefore exploitable by criminals using novel methods.

Sometimes, members of the public contact Prof Murdoch when they are having trouble proving to their bank that they have been the victim of fraud.

“If the transaction was done by magstripe, then it’s a very easy argument to say someone copied it,” says Prof Murdoch as he points out the irony. “But if the transaction was one of the more secure methods - then it’s much harder.”

Read Entire Article