The Evolution of Card Reading Technolgy: What is a SCRA?

Why is cardholder data in need of so much protection?

The industry is spending small fortunes on PCI compliance and while many advocate that compliance measurement is but a snapshot in time and genuine security should be the goal, few have done a root cause analysis of the problem and laid out options that would truly secure cardholders and their personal data.

Understanding Criminal Motivation

The first question is, “What makes cardholders’ data attractive?”  Unfortunately, criminals have given us the answer:  It is plentiful, static, easy to acquire and very useful to commit fraud.

The second question is, “How can we make it unattractive?”  The answer is we must make it harder to acquire the data and make it more difficult to use.

To date, PCI mandates have only focused on the first half of the solution – making data acquisition more difficult. To restore confidence and convenience to the payment system, we must make stolen data very difficult to use.

The Evolution

The following terms describe the evolution of card reading technology and how innovations have led to stronger security designed to stop data breaches and the trafficking of stolen cardholder data.

MSR - Magnetic Stripe Reader reads ISO/AAMVA encoded data and transmits clear text cardholder data.

SCR - Secure Card Reader reads ISO/AAMVA encoded data, encrypts the data and transmits clear text cardholder data.

SCRA - Secure Card Reader Authenticator -reads ISO/AAMVA encoded surface layer data, reads the magnetic particulate layer below, encrypts the data within the tamper resistant authentication sensor and
transmits the encrypted cardholder data along with the stripe’s dynamic digital identifiers (DI) for card and cardholder data authentication during the transaction authorization process ONLY MagneSafe™ secured devices fit this description.