Chapter 4

Turning 40 Digits into Gold

Man is pre-eminently a creative animal, predestined to strive consciously for an objective and to engage in engineering … But why has he a passionate love for destruction and chaos also?

—Fyodor Dostoyevsky

There is much talk about payment application security, specifically, how to protect cardholder data from theft. But what exactly is this cardholder data and why should it be protected at all? What is this particular piece of information that is stolen when they talk about card data breach? And if it is stolen already, is it really so easy to use it in order to make money? Shouldn't we first know the answers to such questions before we even start talking about security? This chapter will try to address these concerns.

Magic Plastic

“In a commercial sense credit is the promise to pay at a future time for valuable consideration in the present.”¹ Combined with technology (I could not call something that is already more than half a century old “modern technology”), it produced a magnetic credit card which was the first and, up until now, very successful implementation of a magnetic payment card.

Most of us are familiar with credit, debit (PIN), and gift cards, which represent the biggest group of the payment cards. The basic difference between those cards is that a credit card manipulates with money that we owe to the card issuer, a debit card with our own money, and a gift card with money that we already spent. From a security point of view, ...