Credit Cards Working and Safety

What Credit Card Numbers Mean

Although phone companies, gas companies and department stores have their own numbering systems, ANSI Standard X4.13-1983 is the system used by most national credit-card systems.

The front of your credit card has a lot of numbers — here’s an example of what they might mean.

Here are what some of the numbers stand for:

The first digit in your credit-card number signifies the system:

3 – travel/entertainment cards (such as American Express and Diners Club)

4 – Visa

5 – MasterCard

6 – Discover Card

The structure of the card number varies by system. For example, American Express card numbers start with 37; Carte Blanche and Diners Club with 38.

American Express – Digits three and four are type and currency, digits five through 11 are the account number, digits 12 through 14 are the card number within the account and digit 15 is a check digit.

Visa – Digits two through six are the bank number, digits seven through 12 or seven through 15 are the account number and digit 13 or 16 is a check digit.

MasterCard – Digits two and three, two through four, two through five or two through six are the bank number (depending on whether digit two is a 1, 2, 3 or other). The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit.

The Stripe on a Credit Card

The stripe on the back of a credit card is a magnetic stripe, often called a magstripe. The magstripe is made up of tiny iron-based magnetic particles in a plastic-like film. Each particle is really a tiny bar magnet about 20-millionths of an inch long.

Your card has a magstripe on the back and a place for your all-important signature.

The magstripe can be “written” because the tiny bar magnets can be magnetized in either a north or south pole direction. The magstripe on the back of the card is very similar to a piece of cassette tape

A magstripe reader (you may have seen one hooked to someone’s PC at a bazaar or fair) can understand the information on the three-track stripe. If the ATM isn’t accepting your card, your problem is probably either:

A dirty or scratched magstripe

An erased magstripe (The most common causes for erased magstripes are exposure to magnets, like the small ones used to hold notes and pictures on the refrigerator, and exposure to a store’s electronic article surveillance (EAS) tag demagnetizer.)

There are three tracks on the magstripe. Each track is about one-tenth of an inch wide. The ISO/IEC standard 7811, which is used by banks, specifies:

• Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters.
• Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
• Track three is 210 bpi, and holds 107 4-bit plus parity bit characters.

Your credit card typically uses only tracks one and two. Track three is a read/write track (which includes an encrypted PIN, country code, currency units and amount authorized), but its usage is not standardized among banks.

The information on track one is contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following:

Start sentinel – one character

Format code=”B” – one character (alpha only)

Primary account number – up to 19 characters

Separator – one character

Country code – three characters

Name – two to 26 characters

Separator – one character

Expiration date or separator – four characters or one character

Discretionary data – enough characters to fill out maximum record length (79 characters total)

End sentinel – one character

Longitudinal redundancy check (LRC) – one character

LRC is a form of computed check character.

The format for track two, developed by the banking industry, is as follows:

Start sentinel – one character

Primary account number – up to 19 characters

Separator – one character

Country code – three characters

Expiration date or separator – four characters or one character

Discretionary data – enough characters to fill out maximum record length (40 characters total)

LRC – one character

There are three basic methods for determining whether your credit card will pay for what you’re charging:

• Merchants with few transactions each month do voice authentication using a touch-tone phone.
• Electronic data capture (EDC) magstripe-card swipe terminals are becoming more common — so is swiping your own card at the checkout.
• Virtual terminals on the Internet

This is how it works: After you or the cashier swipes your credit card through a reader, the EDC software at the point-of-sale (POS) terminal dials a stored telephone number (using a modem) to call an acquirer. An acquirer is an organization that collects credit-authentication requests from merchants and provides the merchants with a payment guarantee.

When the acquirer company gets the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for:

• Merchant ID
  
• Valid card number
  
• Expiration date
  
• Credit-card limit
  
• Card usage
  

Single dial-up transactions are processed at 1,200 to 2,400 bits per second (bps), while direct Internet attachment uses much higher speeds via this protocol. In this system, the cardholder enters a personal identification number (PIN) using a keypad.

The PIN is not on the card — it is encrypted (hidden in code) in a database. (For example, before you get cash from an ATM, the ATM encrypts the PIN and sends it to the database to see if there is a match.) The PIN can be either in the bank’s computers in an encrypted form (as a cipher) or encrypted on the card itself. The transformation used in this type of cryptography is called one-way. This means that it’s easy to compute a cipher given the bank’s key and the customer’s PIN, but not computationally feasible to obtain the plain-text PIN from the cipher, even if the key is known. This feature was designed to protect the cardholder from being impersonated by someone who has access to the bank’s computer files.

Likewise, the communications between the ATM and the bank’s central computer are encrypted to prevent would-be thieves from tapping into the phone lines, recording the signals sent to the ATM to authorize the dispensing of cash and then feeding the same signals to the ATM to trick it into unauthorized dispensing of cash.

If this isn’t enough protection to ease your mind, there are now cards that utilize even more security measures than your conventional credit card: Smart Cards.

Smart Cards

The “smart” credit card is an innovative application that involves all aspects of cryptography (secret codes), not just the authentication we described in the last section. A smart card has a microprocessor built into the card itself. Cryptography is essential to the functioning of these cards in several ways:

The user must corroborate his identity to the card each time a transaction is made, in much the same way that a PIN is used with an ATM.

The card and the card reader execute a sequence of encrypted sign/countersign-like exchanges to verify that each is dealing with a legitimate counterpart.

Once this has been established, the transaction itself is carried out in encrypted form to prevent anyone, including the cardholder or the merchant whose card reader is involved, from “eavesdropping” on the exchange and later impersonating either party to defraud the system.

This elaborate protocol is conducted in such a way that it is invisible to the user, except for the necessity of entering a PIN to begin the transaction.

Smart cards first saw general use in France in 1984. They are now hot commodities that are expected to replace the simple plastic cards most of us use now. Visa and MasterCard are leading the way in the United States with their smart card technologies.

The chips in these cards are capable of many kinds of transactions. For example, you could make purchases from your credit account, debit account or from a stored account value that’s reloadable. The enhanced memory and processing capacity of the smart card is many times that of traditional magnetic-stripe cards and can accommodate several different applications on a single card. It can also hold identification information, keep track of your participation in an affinity (loyalty) program or provide access to your office. This means no more shuffling through cards in your wallet to find the right one — the smart card will be the only one you need!

Experts say that internationally accepted smart cards will be increasingly available over the next several years. Many parts of the world already use them, but their reach is limited. The smart card will eventually be available to anyone who wants one, but for now, it’s available mostly to those participating in special programs.

Credit Card Safety

Although the numbers are increasing, consumers are still not using their credit cards on the Internet nearly as much as e-tailers (electronic retailers) would like. That’s why many cyber-merchants continue to offer a toll-free order number so that shoppers have the choice of calling their order in. Cyber-shopping may be convenient — and some people do all of their shopping online — but credit-card fraud is always a threat, both on the Internet and out in the real world. Hackers have found ways to steal credit-card numbers from Web sites.

To illustrate the importance of tight security, a network TV reporter, tipped off about loose security on an Internet Web-hosting site, was able to gain access to about 1,500 customer records, which included everything from credit-card numbers and payment records to comments about particular customers.

These are the kinds of stories that deflate consumer confidence. Some e-tailers blame consumer reluctance on the inability in cyberspace to make the kind of personal contact that a shopper gets when he looks into the eyes of a store merchant. Experts say that this kind of comfort level will be boosted when online payment methods and security measures are standardized — much as they are in the retail and mail-order industries.

While Internet companies have taken responsibility for security breaches and resulting losses to credit-card users, there remains the growing problem of identity thieves who use stolen credit cards to make purchases on the Internet. And while unfair or fraudulent practices by credit-card companies are not commonplace, they do happen. The good news is that consumers are protected by law — in case of credit-card fraud online or off, you are only liable for a maximum of $50 of the amount stolen.

And fortunately, the Federal Trade Commission (FTC) and the media are watching closely. In 1994, the FTC ordered TransUnion credit-reporting bureau to stop selling “sensitive” consumer data — data on 160 million Americans — to junk-mail producers. The FTC charged that TransUnion violated the Fair Credit Reporting Act by selling consumer information to target marketers who lack any of the allowable purposes listed under the act. TransUnion denies that it sold information that could affect customers’ appealed the FTC’s ruling, but lost.

If the mailing-list issue bothers you — and it bothers most of us — pay attention when you’re completing that credit-card application. Some application forms now provide a box that you can check to allow or disallow the selling of your information to mailing lists. You can also protect yourself by taking your name off the credit bureaus’ mailing lists.

One way to do this is to visit The Consumer Credit Reporting Industry Opt-Out Prescreen Web site. On this site you can fill out a form and opt-out of recieving pre-approved credit or insurance offers in the mail. You can also call 888-5-OPT-OUT (888-567-8688). Alternatively, you can write to the major credit card bureaus and request that your named be removed from their mailing lists.

When you write to these companies, include your complete name, name variations and mailing address, Social Security number and signature and state clearly that you want your name removed from their mailing lists. You can write any of these major reporting bure aus and they will contact the other major bureaus with your request:

Experian Consumer Opt Out, 701 Experian Parkway, Allen, Texas, 75013

Equifax Inc. Options, P.O. Box 740123, Atlanta, Georgia, 30374-0123

Trans Union Marketing List Opt Out, P.O. Box 97328, Jackson, MS 39288-7328

The Direct Marketing Association (DMA) tracks consumers who prefer not to receive solicitations by mail or phone. Check their Consumer Assistance site for more information. There are a lot of simple steps you can take to protect yourself and your credit card — starting with making sure you sign it as soon as it arrives in the mail.

These tips are important and universal:

1. Sign your card — as soon as you receive it! (Obviously, this is only as effective as the clerk who’s checking it.)
2. When you use your card at an ATM, enter your PIN in such a way that no one can easily memorize your keystrokes.
3. Don’t leave your receipt behind at the ATM. Your PIN and account number from a discarded receipt could make you vulnerable to credit-card fraud. Also, don’t throw out your credit-card statement, receipts or carbons without first shredding them!
4. Never give your credit-card number over the telephone unless you initiated the call. Even when you place the call to a legitimate merchant (such as a mail-order company), never give your card number out over a cordless phone. Radio scanners that eavesdrop on these conversations are available for a few hundred dollars at any electronics store, and your voice can be received by one from a far greater distance than the maximum useful range of your cordless phone. One common scam is when someone calls you “back” right after you place an order, claims to be from the merchant and tells you that there was a problem with your card number — would you mind giving it to them again? The best thing to do is ask for a contact name and call the merchant back at the number you used originally. 
5. Ignore any credit-card offer that requires you to spend money up-front or fails to disclose the identity of the card issuer.
6. Make certain you get your card back after you make a purchase (one habit to observe is to leave your wallet open in your hand until you have the card back). Also, make sure that you personally rip up any voided or cancelled sales slips.
7. Always keep a list of your credit cards, credit-card numbers and toll-free numbers in case your card is stolen or lost.
8. Check your monthly statement to make certain all charges is your own, and immediately notify the card issuer of any errors or unauthorized charges. (More on this later!)

Nokia E62

A Web-browsing wizard and e-mail chameleon, the Nokia E62 is poised to become a top handheld when it comes to U.S. consumers later this fall. And if what I’ve been hearing about the price is correct, it should be pretty easy on the wallet as well.

I spent a week with a buggy prerelease model of the E62. (Five ROM revisions passed while I was testing it, according to Nokia.) Even in its prototype state, the E62 had a tremendous amount going for it. It’s a big, flat slab that looks like a cross between an old-school BlackBerry and a Motorola Q redesigned by Saab. The 2.8-inch screen is absolutely gorgeous with a 320-by-240 resolution. Below the screen are four slightly confusing soft keys, menu and e-mail buttons, and a very usable joystick. This isn’t a touch-screen device, so you’ll be using that joystick a lot, but it’s a joy to use.
The E62′s keyboard is big, with square, rubbery, responsive keys. You’ll find a power button near the top of the handset and volume and voice-record buttons on the device’s side. Unfortunately, there’s no camera or visible memory card slot. The E62 does accept MicroSD memory cards to supplement its 90MB of internal storage, but you have to open the case and slip them under the battery. That is annoying.
The E62 runs the latest version of the Symbian operating system, version 9.1, with the Series 60 version 3 interface. If you’ve ever used a Symbian device, you’ll immediately feel the difference. The E62 is much quicker and more responsive than previous Symbian-based phones such as the Nokia 9300 and 7610. The Symbian OS is tremendously popular overseas, and it has a thriving ecosystem of third-party software. Although most of these applications were written for earlier versions of Series 60, updates for the E62 already exist.
Symbian’s flexibility shows up in the E62′s excellent e-mail, Web, and document-reading capabilities. Nokia’s own browser is the most desktop-like of any mobile Web browser I’ve used. It’s even able to handle difficult, JavaScript-laden pages such as the sidestep.com travel site. (It doesn’t support Java applets or embedded Flash, but, hey, this is a handheld.) The only thing missing is a one-column view—you almost always have to horizontal-scroll to read whole pages. Fortunately, the excellent Opera Mobile browser is also available for the E62, and it has a dandy no-scrolling mode.
The E62 comes with a POP3/IMAP e-mail program that handles attachments, but the smartphone also works with a dizzying array of push-mail software, including GoodLink, Intellisync, Visto, DataViz RoadSync for Microsoft Exchange servers, Consilient’s new push-POP/IMAP mail solution, and even BlackBerry Connect. Unbelievably, I loaded Consilient’s and GoodLink’s clients simultaneously without any problems. Consilient’s software is very basic—no attachment support or formatting—but it does push mail from POP and IMAP accounts and is very affordable ($5/month). GoodLink works much as it does on other platforms, including full integration with Microsoft Outlook e-mails, contacts, tasks, and notes.
The E62 comes with Microsoft Word, Excel, and PowerPoint viewer/editors that handle even Word tables, complex PowerPoint presentations, and multiworksheet Excel documents, although they do take a long time to open. I also managed to max out the 32MB of program memory with two e-mail clients and a 25-slide PowerPoint presentation running concurrently.

One problem that will certainly turn off some e-mail addicts: Neither GoodLink nor Consilient alert you to new messages or calendar items from the device’s home screen. BlackBerry and Intellisync do, making those solutions potentially more usable.
Battery life is always a concern when using push e-mail devices. My E62 clocked in at almost exactly 24 hours running both GoodLink continuously and Consilient intermittently. That’s on a par with what I’ve seen from Treos and Windows Mobile devices, but not as good as BlackBerrys. Talk time without GoodLink running, however, was an impressive 11 hours 12 minutes.
The E62 syncs with PCs via Nokia’s PC Suite software, a Microsoft Windows program (sorry, no Mac version) that has gotten slicker with time but still isn’t quite up to the standards of, say, Palm Desktop. PC Suite does sync contacts and calendars with Outlook and Notes and lets you convert and transfer music files onto your phone. You can also use the E62′s mass-storage mode to make the phone appear as a hard drive on your desktop, and drag and drop files. Unlike with Palm Desktop and Microsoft’s Windows Media Player, though, there’s no easy way to reformat video to play on the device’s video player, a big multimedia minus.
Of course, the E62 is also a phone, too. As a quad-band world phone with EDGE data, it gets solid reception. Both the earpiece and the speakerphone are quite loud, and sound is very sharp and clear, with a pleasing, trebly bias. The slab-like design puts the microphone quite far away from your mouth, though, letting in too much background and wind noise for my taste. Using a Bluetooth or wired headset improved transmissions—and it also got around that this big-slab phone isn’t very comfortable to hold up to your head. Speaker-independent voice dialing works over Bluetooth, but isn’t as accurate as the Voice Signal solution seen on some other phones.
The E62 supports a very wide range of Bluetooth functions, including headsets, stereo music playback, file transfer, dial-up networking, printing, and PC connectivity. Unfortunately, the prototype’s Bluetooth was pretty buggy. For example, remote-control functions didn’t work with my Plantronics Pulsar 590a headphones, and the phone had trouble pairing with a Jabra a320s Bluetooth dongle on a PC. With a Plantronics Voyager 510 headset, Bluetooth range was pretty good—rock-solid at 15 feet, just fine at 30, and staticky but usable at 45.
The E62 should stack up well against its smartphone competition. Depending on which carriers pick it up, it will go up against the BlackBerry 8700c and 8700g, Palm Treo 650 and T-Mobile MDA/Cingular 8125 as QWERTY phones on a GSM carrier. Inevitably, it’s also going to be compared with Verizon’s Motorola Q. The E62 is a far better voice phone than either the MDA or 8125. It also has a higher-res screen and a better Web browser than the Treo, and more multimedia options and available third-party software than the BlackBerry, although the BlackBerry does a better job for individuals who want to merge Exchange, POP3, and/or Yahoo! mail in one place. The Q has easier PC sync options, but the E62 will attract people who don’t want to align themselves entirely with a Microsoft ecosystem.

In short, at a compelling price (I’ve heard as low as Rs 9500 with service), the Nokia E62 could be a killer handheld.

About BlackBerry

BlackBerry Hardware

A BlackBerry can do everything that a cell phone can do, including sending text messages via SMS. It’s also an organizer, a calendar, an e-mail client, a Web browser, a two-way pager and a palm-top computer. Although it can do some of the same things a computer can, it doesn’t have to be in a WiFi hot spot to work — it uses the cell phone network as well as 802.11b WLAN. To do all this, it combines the components of a cell phone and a PDA.

Some BlackBerry models have the same form factor and components as a smart phone. Others look more like PDAs or palmtop computers. Specific components can vary from one model to another, but in general the visible parts of a BlackBerry are:
LCD display
QWERTY keyboard
Click wheel
On/off, escape and other keys
Headset jack
USB charger connection
Antenna (interior on some models)
Indicator light to advise users of new messages or data
From the outside of the unit, you can also see where the microphone and speaker are located as well as where to access the rechargeable lithium ion battery.

A printed circuit board connects everything inside the case, including:
Light source for the LCD screen
32-bit microprocessor
Memory (usually flash and RAM)
Bluetooth transmitter (in some models)
Wireless modem (in some models)

 

 

The internal parts of the BlackBerry.

 

       The underside of the BlackBerry keyboard.

Unlike many earlier PDAs, which used touch screens as a user interface, the BlackBerry has a keyboard designed for use with the thumbs. This keyboard operates much like the keyboard of your computer, with one notable difference. Most computer keyboards use dome switches, and each key lies over one switch. Pressing the key activates the switch. In a BlackBerry, however, rows of dome switches lie between the rows of keys. Each key has actuators that press one or more of the switches adjacent to it.

 

The BlackBerry’s software uses a lookup table to match each letter with a specific combination of dome switches. This layout uses fewer switches, allowing a smaller keyboard.

BlackBerry smart phones have even less space for a keyboard, so each key corresponds to more than one letter. Predictive text software called SureType lets a person type normally and determines the right word as the person types. People can also use multiple taps on each key to select different letters as most people currently do to send text messages on their cell phones.

BlackBerry Software

A BlackBerry 8700C

In addition to the push technology discussed earlier, a BlackBerry requires a variety of software on the handheld unit itself and on servers and desktops. The devices are part of a network that includes handhelds, handheld software, desktop software and server software.

The BlackBerry unit uses a proprietary BlackBerry operating system and usually includes e-mail, Web browsing, instant messaging and personal information management (PIM) software. Third-party developers have created a wide variety of other programs for the BlackBerry, like games and productivity applications.

Other third-party programs are customized applications that let people get data and updates from proprietary sales, data collection and other business software. Many of these use a browser interface and e-mail messages for data retrieval. Users get an e-mail message with a link they can click to make a phone call, view data or log in to a service. SSL and TLS encryption protect information and data.

Since a BlackBerry has less memory and processing power than a computer, each of these programs has to be relatively small and efficient. Web pages have to be simple and not rely on frames or applets, and they’re most effective when they use minimal colors. BlackBerry developers use a Java development environment that lets them simulate a BlackBerry and make sure their programs are compatible.

Businesses that employ multiple BlackBerry users often use the BlackBerry Enterprise Server software to manage each BlackBerry’s connection with the corporate network. The software runs behind the corporate firewall, and pushes information to the handheld units. System administrators can also use the server-side software to update BlackBerry units wirelessly.

Individual users can run BlackBerry Desktop Redirector software on their computers, which plays the same role as the Enterprise Server but on a smaller scale. The Desktop Redirector sends information in small pieces so it doesn’t overload the person’s connection or deliver unnecessary information to the BlackBerry. The computer has to be on and running in order for the redirector to work.