Not Just for Touch - Securing a Magnetic Stripe Reader Using Cirque's Unique Technology

Credit cards and other information cards with magnetic stripes (magstripes) have enjoyed ubiquitous use since the 1980s.  One continual challenge with the magstripe is how to keep the data secure when being read by the magnetic stripe reader (MSR). Skimming devices come in various forms from probing the magnetic head reader (maghead) wires in the MSR to adding a skimming maghead. 

A common practice to protect the data is to embed an encryption chip with key management, and a communication protocol in a potting compound on the back of the tape head.  This overhead is expensive and can be cumbersome to configure and manage.

Another method is to enclose the maghead communication wires in a ‘secure cage’ that triggers a tamper signal to the host processor when an interlock wire is cut or shorted. This is often tedious to manufacture and adds significant expense.

These two methods don’t address another problem of an attacker adding an additional maghead for skimming card information.  Add on skimmers cannot be detect using traditional security cage methods and are not recognized by unsuspecting users. These add on skimmers are often part of a large plastic piece that looks like the original housing unit. It also holds a microprocessor, memory to hold card information for later retrieval or a radio for transmitting information, and a battery to power the circuit. These skimmers can be attached to the original point of sale (POS) unit in a matter of a couple seconds.

A better way to secure the reading of the magstripe is to use Cirque’s touch controller chip (specifically the "Rushmore" 1CAO37 chip). It can be used in two different ways to secure against the two methods of attack described above.

The first way is to connect the basic maghead directly to the Cirque touch controller chip. Cirque’s unique method of measuring small signals reduce the data leakage to an acceptable amount compliant with PCI (Payment Card Industry) standards. The Cirque chip uses a regulated voltage on the sensing electrodes and detects miniscule amounts of current change. It is thus a sensitive current or charge sensing engine. Provided that the Cirque chip in located in a secure cage, the only exposed signals would be the wires going to the maghead which are now, very difficult to probe any useful data from. The impedance of the wires to the maghead can be continuously monitored by the Cirque chip so that any tampering of the wires can be detected. This method of securing the maghead requires no additional secure cages or expensive encryption chips. It can also be implemented with low cost manufacturing techniques.

The other way that a Cirque chip can help keep magstripe data safe is to route additional sensing electrodes in or below the MSR housing around the maghead to create a volume proximity sensor. Using Cirque’s high performance electric field sensing circuitry, any type of skimmer that is placed on the MSR housing, can be detected. It can detect conductive metal objects as well as non-conductive objects with higher permittivity constants such as plastic. With many electrode pins available on the touch controller chip, many areas of terminal can be monitored. Of course, Cirque’s touch IC is also ideal for sensing user touch input on the PIN keypad and touch screen over the display.


Please contact the helpful staff at Cirque if you have interest in discussing our secure MSR methodologies.