Card-related protocols


Magstripe

A magnetic stripe card, a.k.a. swipe card, is much like a piece of audio tape on a card.

The prototype basically was that, and to this day the heads used are similar.


Orders of magnitude

  • densities like 75 or 210 bits per inch
  • often storing 5 or 6 bit codes
  • There may be multiple tracks, on the order of 3mm wide


A lot of uses write them just once, with what amounts to a token.

A few repeat their code, so that the reader has more than one chance to read it correctly.


They store a handful of numbers, so they are usable much like barcodes.

They should not store anything of real value, or anything recognizable. They should typically be randomly generated tokens that point to a database, so that a single readout does not reveal much; at worst, they can identify repeated visits from the same card.

You should certainly not e.g. keep a money balance on the card itself.

There are systems that ignore this, which sometimes makes sense, but they are usually rather insecure.
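
A sketch of the token-plus-database design described above, as an added example (not code from this page or from any particular card system). The 16-digit token length, the table layout, and the function names are assumptions made for illustration; the in-memory SQLite database stands in for the back end.

```python
import secrets
import sqlite3

TOKEN_DIGITS = 16  # assumption: the stripe carries a short digits-only code


def open_db():
    """In-memory stand-in for the back-end database (constructed for this example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (token TEXT PRIMARY KEY,"
               " balance_cents INTEGER NOT NULL, active INTEGER NOT NULL)")
    return db


def issue_card(db, balance_cents):
    """Create the server-side record; return the only value written to the card."""
    token = "".join(secrets.choice("0123456789") for _ in range(TOKEN_DIGITS))
    with db:
        db.execute("INSERT INTO cards VALUES (?, ?, 1)", (token, balance_cents))
    return token


def debit(db, swiped, amount_cents):
    """Charge one swipe. The balance is checked and changed only in the database."""
    if len(swiped) != TOKEN_DIGITS or not (swiped.isascii() and swiped.isdigit()):
        return False  # malformed read: rejected before any lookup
    if amount_cents <= 0:
        return False
    with db:  # single atomic UPDATE, so repeated swipes cannot overspend
        cur = db.execute(
            "UPDATE cards SET balance_cents = balance_cents - ?"
            " WHERE token = ? AND active = 1 AND balance_cents >= ?",
            (amount_cents, swiped, amount_cents))
    return cur.rowcount == 1


def revoke(db, token):
    """Lost or copied card: disable the token; the card itself is not rewritten."""
    with db:
        db.execute("UPDATE cards SET active = 0 WHERE token = ?", (token,))


def balance(db, token):
    """Look up the balance, which exists only server-side."""
    row = db.execute("SELECT balance_cents FROM cards WHERE token = ?",
                     (token,)).fetchone()
    return None if row is None else row[0]
```

Rewriting the stripe changes nothing about the balance here, and a copied token stops working as soon as it is revoked.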


Cloned cards can potentially be detected if the entire setup is designed for it, but it's a bit of security-by-obscurity, and isn't the most effective or very common.


The magnetic material varies in coercivity.

HiCo (Higher coercivity) requires more energy to encode, and that encoding will last longer.
LoCo is perfectly fine for things like one-use hotel room keys, transit tickets, day passes for theme parks, and such.


Smart cards

https://en.wikipedia.org/wiki/Smart_card


CCID: USB-smart card interface https://en.wikipedia.org/wiki/CCID_(protocol)


Hybrid cards