by danilocampos 5505 days ago
Because the magnetic stripe contains a security code that's not otherwise represented on the card. Including that code in the transaction gets you a better rate, since the physical presence of a card may signal a lower risk of fraud. (2.75% flat for a swipe versus 3.5% and 15¢ for keying in the number, according to Square's site)
3 comments

> Because the magnetic stripe contains a security code that's not otherwise represented on the card.

Not really: http://en.wikipedia.org/wiki/Magnetic_stripe_card

The stripe usually just has the cardholder name, the card number, expiration date, and sometimes the CVV. It depends a lot on what tracks are present on the card, what info your bank has included in the "discretionary data" chunk, which track was read by the reader, etc.

If you grab a cheap USB magstripe reader, you'll find that most things (library cards, student IDs, airline tickets, etc.) really don't include much of anything that is not already printed on the item.

There are technologies like MagnePrint (http://www.magneprint.com/) that use the signature of the ferrous oxide particles on the card. But it requires your bank and the merchant to use the tech.
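The track contents listed in the comment above (name, card number, expiration date, discretionary data) follow fixed layouts, which is what lets a merchant scrub them from logs before they are stored. The following Python is an added example, not part of the thread: the ISO/IEC 7813 field layouts are general format knowledge, the function names are hypothetical, the regexes assume the expiry and service code fields are present, and the log lines are constructed.

```python
import re

# ISO/IEC 7813 layouts (general format knowledge, not taken from the thread):
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK1 = re.compile(r"%B(?P<pan>\d{12,19})\^(?P<name>[^^?]{2,26})\^"
                    r"(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?")
TRACK2 = re.compile(r";(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?")

def luhn_ok(pan: str) -> bool:
    """Luhn check, used to drop digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_tracks(text: str) -> list[dict]:
    """Return one record per Luhn-valid track; the PAN is masked to first 6 / last 4."""
    hits = []
    for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(text):
            pan = m["pan"]
            if luhn_ok(pan):
                hits.append({"kind": kind, "span": m.span(),
                             "pan_masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],
                             "discretionary_len": len(m["disc"])})
    return hits

def redact(text: str) -> str:
    """Replace each track with a marker, working right to left so spans stay valid."""
    for h in sorted(find_tracks(text), key=lambda h: h["span"][0], reverse=True):
        start, end = h["span"]
        text = text[:start] + f"[{h['kind']} removed]" + text[end:]
    return text

# Constructed sample log lines; 4111111111111111 is a widely used test number.
SAMPLE = (
    "pos01 read=%B4111111111111111^DOE/JANE^30121010000000123000000?\n"
    "pos01 read=;4111111111111111=30121010000000123?\n"
    "pos02 ref=;4111111111111112=30121010000000123?\n"  # fails Luhn, left alone
)
```
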

Here you go:

http://en.wikipedia.org/wiki/Card_security_code

"The first code, called CVC1 or CVV1, is encoded on the magnetic stripe of the card and used for transactions in person. The purpose of the CVC1 or CVV1 is to ensure the data stored on the magnetic stripe of the card is valid and was generated by the issuing bank. This value is submitted as part of transactions and is verified by the issuing bank. A limitation of the CVC1 or CVV1 is that if the entire magnetic stripe is copied, rather than generated, the card can be duplicated. See the Skimming section for more details.

The second code, and the most cited, is CVV2 or CVC2. This CSC (also known as a CCID or Credit Card ID) is often asked for by merchants for them to secure card not present transactions occurring over the Internet, by mail, fax or over the phone. In many countries in Western Europe, due to increased attempts at card fraud, it is now mandatory to provide this code when the cardholder is not present in person."

...and if you really want to play with it:

http://www.sparkfun.com/products/8634

Also, searching for "magnetic card writer" on eBay returns quite a few models.

http://stores.ebay.com/Mini-MagReader?_trksid=p4340.l2563

Take a look at the handheld readers. It will make you never want to let your credit card out of your sight again.

Does it follow from this that manual carbon copy "imprint" machines are not eligible for card present rates?

This may sound dumb, but why not just put this additional security code in a bar code or QR code somewhere on the surface of the card to allow for the equivalent security using a camera to read the card?

I think it's for the same reason that just using the number increases the rate. It allows someone to snap a picture of your card without ever having to touch it. The magnetic strip adds a bit of complexity to getting the data off the card.

No, the opposite. A manual imprint is even more indicative of card-present than a mag-stripe read (which can be easily faked).

Reading QR or other codes with a smartphone's camera is extremely cumbersome whereas swiping a mag-stripe is simple and reliable.

I totally don't agree with your assessment of what is simple and reliable. I've had the mag stripe fail on numerous hotel room keys and a few credit cards over the years. A QR code is readable even if somewhat scuffed, etc.

It would seem that with a small investment in a magnetic stripe writer and a plastic mould, any scammer could create cards that could fool an imprint swiper or magnetic stripe reader.

Further, wouldn't a signature make all of the above close to equivalent?

I can't even remember the last time my credit card couldn't be swiped. What do you do to them?

True, but still even easier to duplicate a QR code.

Signatures don't help very much since the fraudster can sign his own fake card. That's why more stores are asking to see driver's licenses, which is annoying.

No, it's just that a manual entry makes errors more likely, and is verification that the card is present. Or rather, that some sort of card with the customer's information is present.