Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
Chip, magnetic strip, ...

What data is stored on bank cards and credit cards, and where is it stored?

Various data is stored on bank and credit cards
Some data fits on bank cards Photo: Getty Images

November 15, 2024, 11:23 am | Read time: 4 minutes

Pulling out a credit card to make a payment is something most people do regularly. But some of you may have wondered what data is actually stored on these small, thin bank cards – and where. TECHBOOK has the answers.

Share article

Debit and credit cards must first and foremost contain the relevant information that enables money to be moved. This information is transmitted to the processing company during a transaction. In addition to the account number, some other data is required in order to be able to carry out the transactions at all and, at the same time, protect the means of payment from misuse.

Overview

This data is stored on debit and credit cards

As you can read in the data protection information for Mastercard/Visa Card (debit or credit card) from DZ Bank, the following data is stored on debit and credit cards:

  • Name of the cardholder
  • Card Number
  • Expiry date of the card
  • Country code of the issuer
  • Card verification numbers and technical data for controlling the transaction

But that’s not all. Other security data is also stored on the chip or magnetic strip in a secure manner. TECHBOOK asked the leading credit card companies about this. However, they did not want to comment on this “security-relevant information.” Fair! The following, therefore, explains the functions of common bank cards and credit cards for a rough, general understanding.

Information that protects your card from misuse

Additional security data includes PIN check values, for example. This is encrypted data that protects the PIN code and ensures that only authorized users can use the payment method.

Furthermore, so-called cryptographic procedures used on cards are intended to ensure secure communication between the card and the card issuer. The Advanced Encryption Standard (AES), in particular, is designed to provide particularly reliable protection against unauthorized access with a maximum key length. You can find out more about this on the German Banking Industry website.

In addition, cards with an EMV chip (Europay MasterCard and Visa) use dynamic authentication data for each transaction in accordance with the current standard. This refers to one-time codes. These are also used for contactless and online payments. And finally, card issuers work with so-called proprietary data. According to the financial portal “Pocket Sense,” this is non-standardized information specially programmed for authentication or analysis of transactions, for example.

Where is the data stored on the debit and credit card?

At “Pocket Sense,” you can find out more about where exactly the various data is stored on the most common debit and credit cards.

Cards with magnetic strips

For debit and credit cards with a magnetic strip on the back, the data is stored in three separate “tracks.” The first track contains the holder’s name and the main payment information. This includes the primary account number (PAN), the expiration date, and the card verification number. The second track, which is read for most transactions, contains the aforementioned payment information in numerical format. The third track is less common and is used in security or access cards. The information stored there can sometimes also contain data for specific programs such as loyalty programs or authorized usage patterns.

Cards with magnetic strips have become less common since the introduction of chip payments. From 2033, Mastercard cards with magnetic strips will no longer be available.

EMV chip

Debit and credit cards with an EMV chip are more modern and are considered more secure in terms of data processing. They generate a unique authentication code for each transaction. The basic payment information described (= PAN and card expiration date) is stored in the chip, which is described by “Kartensicherheit.de” as “a small computer.” This is because the chip has an “operating system and stores secret data with a very high level of encryption.”

The chips and the technology surrounding them are regularly developed further. Recently, for example, Infineon presented a more environmentally friendly card for cashless payment, which, among other things, dispenses with the long copper wire that previously served as an antenna.

More on the topic

Data exchange for contactless NFC payments

The situation is similar for contactless payments via NFC. The data required for transactions is stored in a secure chip. This data is not transferred directly to the card but via the NFC system directly to the payment processor, which then carries out the authentication. With NFC payments, simply approaching a recipient is sufficient to confirm the data exchange. For security reasons, the data is usually limited and can only be used for smaller payment amounts. For instance, at Sparkasse, the maximum amount for contactless payments without a PIN is 50 euros.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

Topics Evergreener Online-Banking Smart Finance
Your data privacy when using the share function
To share this article or other content via social networks, we need your consent for this .
You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.