2018 IEEE Symposium on Security and Privacy (SP) (2018)
San Francisco, CA, US
May 21, 2018 to May 23, 2018
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2018.00042
Nolen Scaife , University of Florida
Christian Peeters , University of Florida
Camilo Velez , University of Florida
Hanqing Zhao , University of Florida
Patrick Traynor , University of Florida
David Arnold , University of Florida
Gift cards are an increasingly popular payment plat- form. Much like credit cards, gift cards rely on a magnetic stripe to encode account information. Unlike credit cards, however, the EMV standard is entirely infeasible for gift cards due to compatibility and cost. As such, much of the fraud that has plagued credit cards has started to move towards gift cards, resulting in billions of dollars of loss annually. In this paper, we present a system for detecting counterfeit magnetic stripe gift cards that does not require the original card to be measured at the time of manufacture. Our system relies on a phenomenon known as jitter, which is present on all ISO/IEC-standard magnetic stripe cards. Variances in bit length are induced by the card encoding hardware and are difficult and expensive to reduce. We verify this hypothesis with a high-resolution magneto-optical microscope, then build our detector using inexpensive, commodity card readers. We then partnered with Walmart to evaluate their gift cards and distinguished legitimate gift cards from our clones with up to 99.3% accuracy. Our results show that measurement and detection of jitter increases the difficulty for adversaries to produce undetectable counterfeits, thereby creating significant opportunity to reduce gift card fraud.
payments, magnetic, stripe, gift, credit, card, magstripe, counterfeit, fraud, EMV, jitter, cloning
N. Scaife, C. Peeters, C. Velez, H. Zhao, P. Traynor and D. Arnold, "The Cards Aren't Alright: Detecting Counterfeit Gift Cards Using Encoding Jitter," 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, , pp. 695-708.