A criminal gang places a device over the card slot at the pay kiosk of a gas station. It looks like a legitimate part of the machine.
But it can read customers' information as they slide their cards through it and into the real card reader. The crooks then create "cloned" cards and use the counterfeit plastic to steal tens of thousands of dollars from cash machines.
It's happened thousands of times in the last few years. To combat this electronic crime wave, a local manufacturer is developing card readers that greatly exceed industry-mandated security standards: They won't get fooled by cloned cards again.
"Our goal is to prevent anyone from processing a counterfeit card," said Mimi Hart, chief executive of MagTek Inc., a Carson-based manufacturer of magnetic stripe readers that employ encryption and authentication technologies.
"We can detect if the card is counterfeit by looking at the magnetic stripe," Hart explained. "No two magnetic cards are identical because each has a unique magnetic signature. It's the DNA of the card."
In addition to verifying the authenticity of a card, the company's secure card readers also use encryption algorithms to protect the customer's information from being stolen by illicit readers while a transaction is being processed.
To develop the encryption technology, MagTek teamed up with TrustCommerce, an Irvine-based company that processes electronic payments.
TrustCommerce executives approached Hart about three years ago to ask if her company could develop a device that could incorporate software for instant encryption of card data.
"Mimi said it was a great idea," said Rob Caulfield, chief executive of TrustCommerce. "They had a prototype within six months and the device was ready in about a year."
The result was the MagneSafe product line, which shoots data to the transaction processor without leaving a trace at the point of sale. When the card is swiped on a MagneSafe device, the information is immediately encrypted and then sent to a secure transaction processor such as TrustCommerce, where the information is decrypted, processed and returned to the merchant within 1.5 seconds.
"The merchants understand that they do not need the data, they just want to get paid for their products and services rendered," Caulfield said. "By removing the data, it minimizes the risk."
MagTek was co-founded by Lou Struett and Thomas McGeary in June 1972.
After working at other firms struggling to produce mechanical card swipe readers, Struett and McGeary launched MagTek with the financial backing of angel investors.
"In those days, there were almost no cards with magnetic stripes," said Struett, executive vice president of MagTek. "There were a couple of companies building the early generation of ATMs and we saw the future of this technology to make a machine-readable card."
The company developed an electronic reader with no moving parts that was cheaper that its mechanical predecessors and easier to install at gas stations and cash machines.
The product was so successful that the company was able to finance its growth almost entirely from retained earnings, Struett said.
MagTek later began producing small, inexpensive check processors that could be installed in the cash registers of retailers.
The company's latest models of secure card readers include devices that fit in the palm of your hand and transmit payment information wirelessly. Armed with a mobile phone or Bluetooth headset, a pizza delivery man can swipe the card on a handheld device to process the payment.
Demand for MagTek products is booming as retailers struggle against payment fraud.
"Payment card-related fraud is escalating and will probably double in the next few years," said Avivah Litan, a security analyst for Gartner Inc. in Stamford, Conn. "There is a lot of pressure for retailers to strengthen the security in their point-of-sale systems because that is the real vulnerability."
Losses from credit card-related fraud totaled nearly $5.5 billion in 2007, more than triple the $1.46 billion fraud registered 10 years earlier, according to industry research firm Nilson Report.
But the company's future may depend on the arrival of technology that's already popular in Europe: "smart cards" that feature information coded on chips, which are much more difficult to counterfeit. Canada is currently running a pilot program to test the "smart card" technology.
"MagTek solves today's problems, but they may not solve tomorrow's problems," Litan said, while observing that it will likely be several years before the United States shifts from magnetic stripe to smart cards.
"It would take two to three years to make the commitment to move to chip-based cards and another five years to roll it out," Litan said.
Until America switches to smart cards, demand is expected to remain strong for MagTek's products. But the competition is heating up.
VeriFone Holdings Inc., a San Jose-based provider of electronic payment solutions, in October announced a strategic investment in Semtek Innovative Solutions, a technology firm in San Diego.
The two companies unveiled their collaborative effort, the VeriShield Protect System, last month. Like the MagneSafe product line, VeriShield provides protection of credit and debit account information from the moment a card is swiped until the data is received at a secure decryption center for processing.
With annual sales of about $800 million, VeriFone has considerable resources, while Semtek is flush with equity financing from two venture capital funds. MagTek, which Struett said has less than a quarter of VeriFone's revenue, has a smaller treasure chest and is internally funded.
Core Business: Secure magnetic stripe card readers
Employees 2007: 220
Employees 2008: 229
Goal: To continue leading market in card-encryption products
Driving Force: Retailers' need to protect consumers from an increase in payment card-related fraud
For reprint and licensing requests for this article, CLICK HERE.