Editor’s Note: In a recent Banking Corner article, we asked the question “should your campus use the 16-digit ISO numbering scheme.” As a followup to this article, we look at part two of being ISO compliant. Special thanks to Taran Lent of CardSmith for the preparation of this important article.
By Taran Lent, CardSmith
A lot of attention has been given in recent years to the 16 digit ISO standard numbering scheme (ISO 7812) in connection with identification cards. This is particularly true in light of the migration away from using Social Security numbers for identification, which has obvious security concerns. There are many benefits to this long established internationally accepted card numbering standard. As a result, many campuses have already registered for their own unique IIN (Issuer Identification Number) and implemented card numbering schemes with 16 digit ISO numbers.
However, some campuses may be disappointed to learn that their campus card is only 50% ISO compliant. While registering and implementing a 16 digit ISO number is a step in the right direction, it is in fact only step 1 of 2 primary steps required for full compliance with ISO standards.
The second and equally important step to a fully ISO Compliant card is to comply with the lesser known standard, ISO 7811, which specifies how data is encoded on the magnetic stripe of the card. This standard is clearly defined and commonly used by hardware and software developers creating solutions that rely crucially on reading the magnetic stripe data according to exact specifications.
By strictly implementing encoding standard ISO 7811 in addition to numbering standard ISO 7812, card program administrators can ensure compatibility with a virtually unlimited range of current and future card technologies and eliminate the risk of being limited to using proprietary and more expensive terminal hardware and software. This will also give the card program complete flexibility to work with multiple solution providers and systems while keeping the door open to change technologies over time without needing to either change the card or re-card the campus.
The good news is that understanding and complying with ISO 7811 is not particularly difficult. The most critical aspect to the standard is the exact data field layout on Tracks 1 and 2 of the magnetic stripe, as described in the tables below.
Below are examples of valid Track 1 and 2 data given the following cardholder information:
Card Number: 6039 6044 4555 1057
Cardholder Name: Jane Doe
Expiration Date: 12/2008
ISO 7811 is not as well understood as ISO 7812 and is therefore routinely implemented incorrectly or ignored entirely. While following the standard is straightforward, there are some common pitfalls such as applying the standard to only Track 2 but not Track 1 (or vice versa), not using a valid expiration date, and/or omitting required fields altogether.
The primary problem for cards with these deviations is that they do not work properly with applications designed for use with ISO 7811 standard cards. Therefore, every application used by the card will require expensive custom development, driving up cost and reducing flexibility. Campuses with multiple card systems competing for magnetic stripe real estate are especially prone to non-compliant encoding mistakes. Below are the most common examples of track data schemes that do not comply with ISO 7811.
If you are curious or concerned about whether or not your card is ISO compliant, you can determine this easily by reading the track data on your card using a standard USB card reader. Once installed on your desktop computer simply open up a text application such as Notepad.exe or Wordpad.exe and swipe the card. The track data will print out on the screen and you can compare the result to the examples above and the ISO 7811 specification. If you are not currently ISO Compliant but are planning a project to become so, it is highly recommended that you purchase a copy of both the ISO 7811 and ISO 7812 specifications for your card implementation team to use as reference.
Remember, ‘almost’ only counts in horseshoes and hand grenades. You can’t ‘almost’ graduate, you can’t ‘almost’ be in love and you can’t ‘almost’ be ISO compliant. You either are or are not, and to be in the “are” camp, you have to implement to both standards – numbering and encoding. If you decide to implement ISO for your campus card, be sure to do it 100%.
To purchase a copy of ISO 7811 or ISO 7812 from ISO, click here.
To register for a unique IIN number ($600) with ANSI, click here.