Data is laid out on a standard magnetic card in three tracks. A magnetic stripe card may have any of these tracks or a combination of these tracks.

Track 1 was the first track standardized. The International Air Transportation Association (IATA) developed it and it is still reserved for their use. It is 210bpi with room for 79 7-bit characters.

Track 1 is encoded with a 7-bit scheme (6 data bits plus one parity bit) that is based on ASCII. If the reader does not perform the ASCII conversion, add 0x20 to each byte to turn it into ASCII (there are no “control” characters). The seventh bit is an odd parity bit at the end of each byte.

Track 1 Fields

Start sentinel 1 byte (the % character)
Format code 1 byte alpha (The standard for financial institutions specifies format code is “B”)
Primary Account number Up to 19 characters. American Express inserts space characters in here in the same places the digits are broken up on the face of the card.
Separator 1 byte (the ^ character)
Country code 3 bytes, if used. (The United States is 840) This is only used if the account number begins with “59.”
Surname
Surname separator (the / character)
First name or initial
Space (when followed by more data)
Middle name or initial
Period (when followed by a title)
Title (when used)
Separator 1 byte (^)
Expiration date or separator 4 bytes (YYMM) or the one byte separator if a non-expiring card.
Discretionary data Optional data can be encoded here by the issuer.
End Sentinel 1 byte (the ? character)
Longitudinal Redundancy Check (LRC) 1 byte. The LRC is made up of parity bits for each “row” of bytes, making the total even. That means that the total of all the bit 1s of each byte has to come out to an even number. Same for bit 2, etc. The LRC’s parity bit is not the sum of the parity bits of the message, but only the parity bit for the LRC character itself. (It is odd, just like any other single byte’s parity bit).

The American Bankers Association (ABA) developed track 2 for online financial transactions. It is 75bpi with room for 40 5-bit numeric characters.

Track 2 is encoded with a 5-bit scheme (4 data bits plus one parity bit). To convert this data into ASCII, add 0x30 to each byte.

Track 2 Fields

Start sentinel 1 byte (0x0B, or a ; in ASCII)
Primary Account Number Up to 19 bytes
Separator 1 byte (0x0D, or an = in ASCII)
Country code 3 bytes, if used. (The United States is 840) This is only used if the account number begins with “59.”
Expiration date or separator 4 bytes (YYMM) or the one byte separator if a non-expiring card
Discretionary data The issuer can encode optional data here.
End Sentinel 1 byte (0x0F, or a ? in ASCII)
Longitudinal Redundancy Check (LRC) 1 byte.

Track 3 is also used for financial transactions. The difference is its read/write ability. It is 210bpi with room for 107 numeric digits. Track 3 is used to store the enciphered PIN, country code, currency units, amount authorized, subsidiary account information, and other account restrictions.

Track 3 has the same properties as track 1 (start and end sentinels and an LRC byte), except that there is no standard for the data content or format. No national bank card issuer currently issues track 3.

In those rare systems where the PIN is stored on the card, this is the track where it is stored.

Additional Reading on Magnetic Cards

For more information on this topic, read the ANSI/ISO 7811/1-5 standard. This document can be obtained from the American Bankers Association.

Other standard documents covering related topics include:

  • ANSI X3.92 Data Encryption Algorithm (DEA)
  • ANSI X3.106 Modems of DEA Operation
  • ANSI X4.16 American National Standard for financial services, financial transaction cards, magnetic stripe encoding
  • ANSI X9.8 Personal Identification Number (PIN) Management and Security
  • ANSI X9.19 Financial Institution Retail Message Authentication (MAC)
  • ISO 7810
  • ISO 7811
  • ISO 7812
  • ISO 8583 Bank card originated messages; Interchange message specifications; Content for financial transactions.
  • ISO 8731-1 Banking: Approved algorithms for message authentication

    Part 1 – DEA
    Part 2 – Message Authentication algorithms

  • ISO 7816 Identification cards, Integrated circuit(s) with contacts

    Part 1 – Physical Characteristics
    Part 2 – Dimensions and locations of the contacts
    Part 3 – Electronic signals and transmission protocols