Bank Cards Are Built From Cold War Spy Tech
From CIA security passes to a Soviet bug hidden in a wooden seal, the technology inside your bank card has a wilder history than you'd expect.
Written by AI. Helen Papadopoulos
Photo: AI. Otieno Okello
Pull a bank card out of your wallet and look at it for a moment. There's a magnetic stripe, a small gold chip, and — invisible beneath the plastic — a coil of copper wire that functions as an antenna. None of these components were invented for banking. The stripe came from the CIA. The contactless antenna descends from a Soviet spy bug. The chip traces its conceptual lineage to medieval signet rings. And the three-digit security code on the back owes its existence, improbably, to the early internet adult industry.
Professor Hannah Fry's documentary series The Secret Genius of Modern Life opens with the bank card, and it's a smart choice of subject. Few objects are so aggressively ordinary — and so architecturally strange, once you know what you're looking at.
The Stripe Was Never Meant for Shopping
The story begins not in a bank but in Langley, Virginia. It's 1961, the CIA is moving into its new headquarters, and it has a problem familiar to any large organization: how do you manage access for thousands of employees when the old system — a guard who recognizes your face — simply doesn't scale? The agency turned to IBM, which was already experimenting with magnetic tape as a data storage medium. The idea was to encode a unique identifier onto a strip of tape and bond it to a plastic card.
The technical obstacle — how to affix magnetic tape to plastic without destroying either — was reportedly solved by Dorothea Parry, wife of IBM engineer Forrest Parry, who noticed that a household iron would soften the plastic just enough to bond the tape cleanly. History has frequently credited Forrest; Fry, to her credit, flags the correction. The innovation itself was elegant in its simplicity: ones and zeros, magnetized or not, encoding identity.
IBM then made a characteristically astute business decision. Rather than patent the magstripe, they released it freely. The reasoning, as explained by historian Dr. Shawn Vanatta in the documentary, was pure corporate strategy: IBM's real money was in the enormous mainframe computers needed to read the stripes. Give away the format; sell the infrastructure. By 1969, the first magstripe bank card was in circulation, and IBM was selling the systems to process it.
What IBM did not adequately reckon with — or chose to ignore — was the format's fundamental insecurity. The stripe broadcasts the same static data every single time: card number, name, expiry date. It isn't encrypted. As Vanatta puts it with admirable bluntness: "It's worse than useless. It's actually really dangerous to adopt this technology." The banks adopted it anyway, because it was cheap and they were small and fragmented, and cheap won.
The fraud followed predictably. A reformed card criminal identified in the documentary only as Tony describes how simple the exploitation was: an accomplice with a handheld skimmer in a restaurant or deli could harvest 300 card numbers in a single Saturday shift. The data transferred to a blank card in under five minutes. "The mag stripe is so easy to skim," Tony observes, "because it's not encrypted and it's just there open." The banking industry's response to knowing this in the 1970s was, essentially, to hope for the best.
A Dream About Jewellery
The chip that eventually replaced the stripe has a more romantic origin story. Roland Moreno was a French inventor with, by all accounts, the temperament of a benign eccentric — his daughters describe "his crazy hair" and a mind that simply wouldn't stop working. In the early 1970s, he became fixated on the idea of eliminating physical cash entirely. His first prototype mounted a microchip onto his wife's ring, which she did not appreciate, and which she remains unamused about to this day.
The conceptual inspiration, Moreno claimed, came from medieval signet rings — those intricately carved seals used to authenticate documents in hot wax. The logic is sound: a signet ring works precisely because it's nearly impossible to copy exactly, and its impression constitutes proof of identity. What Moreno wanted was an electronic equivalent: a device that authenticated you without broadcasting static data that anyone could copy.
By 1974 he had transitioned from ring to card, and had built the world's first chip-and-PIN system — complete with a self-destruct mechanism that wiped the chip after three wrong PIN attempts, a feature that should honestly have survived into the present. The banks declined. France Télécom did not. In 1983, Moreno's chip cards replaced coins in French phone booths. The banks, watching the technology prove itself at scale, finally moved. By 1992, chip and PIN was mandatory on all French bank cards. The UK followed in 2003, a lag that Fry describes as "slightly embarrassing." Chip and PIN cut counterfeit card fraud by over 50%.
The chip's security advantage over the stripe is architectural. A magstripe says the same thing every time. A chip generates a unique cryptographic code for each transaction, so capturing the data from one payment gives you nothing useful for the next. The information the chip sends, as the documentary notes, "changes every transaction, which makes it far harder to copy."
The Soviet Bug in Your Wallet
The contactless antenna is the strangest thread in this genealogy. RFID — radio frequency identification — is the technology that lets you tap your card and walk away. It works by harvesting power from the card reader's radio signal, using that harvested energy to briefly power a microchip, and transmitting authentication data back. The card itself is entirely passive. It has no battery. It does nothing until an external signal activates it.
This is precisely the principle behind a Soviet surveillance device known as "the Thing," designed by Leon Theremin — yes, the inventor of the theremin — while imprisoned in a gulag laboratory after his 1938 arrest on spurious counter-revolutionary charges. In 1945, Soviet schoolchildren presented the American ambassador in Moscow with a carved wooden replica of the Great Seal of the United States as a gesture of postwar goodwill. The ambassador hung it in his office. Inside was a miniature passive listening device: no battery, no power source, entirely inert until the Soviets blasted it with an electromagnetic signal from outside the embassy, at which point it converted that energy into power, captured the room's audio, and retransmitted it. It operated undetected for seven years across four successive ambassadors before the Americans found it.
Amateur radio experimenter Neil Smith, who spent 200 hours reconstructing a version in his shed for the documentary, describes it concisely: "Basically it's an unpowered entirely passive listening device that you could hide almost anywhere."
The structural analogy to contactless payment is exact. The card is the Thing. The card reader is the Soviet van transmitting the activation signal. The chip, powered by harvested radio energy, authenticates the transaction and sends the data back out. Theremin died in 1993, aged 97, fourteen years before the UK's first contactless cards launched. The banks did not acknowledge the debt.
Three Numbers and a Chargeback Problem
The CVV — those three digits on the card's back — has the least glamorous origin story but perhaps the most human one. Online shopping in the early 1990s was crippled by fraud, and the adult industry, being among the first to need working card-not-present payments at scale, was the first to solve it.
Richard Gordon, a payment processing pioneer who began in adult chat lines, describes the chargeback problem with candor: up to 25% of customers denied having made calls. "You could just lie then, surely," Fry observes. "Absolutely," Gordon confirms, "and that was a big part of it." Gordon built real-time fraud detection systems that proved the calls had been made. When the wider internet arrived and the same problem recurred, those systems evolved into the architecture that eventually made online card payments trustworthy enough for mainstream commerce.
The CVV itself was devised by Michael Stone at Equifax: a number derived from the card's own data that verifies the physical card is present with the buyer, and which retailers are explicitly forbidden to store. If a database is breached, the long card number alone is insufficient. You need those three digits, and only the cardholder should have them.
The Arms Race That Never Ends
Today, Visa processes nearly 700 million transactions per day across its European hub alone. Each one takes 300 milliseconds. Vasant Taneja, Visa's head of technology, describes the infrastructure with a calm that presumably requires considerable professional effort to maintain.
The current threat isn't skimming. It's enumeration: automated bots systematically generating combinations of 16-digit card numbers, expiry dates, and CVV codes until they hit an active card, then immediately using it for high-value purchases before detection. Natalie Kelly, Visa Europe's head of risk, describes the countermeasure in terms that sound genuinely novel: "It's our AI against their AI." The dark web, she notes, now operates fraud marketplaces structured like Amazon, complete with seller ratings and customer reviews — with the operational security irony that fraudsters pay each other in Bitcoin and use three-factor authentication. As Fry observes: "There is no fraud amongst the fraudsters."
What's worth sitting with, after all of this, is the compounding nature of the technology. Each layer of the bank card was built in response to a failure or an exploit in the layer before it. The stripe replaced slow carbon paper. The chip replaced the insecure stripe. Contactless harvested electromagnetic principles from Cold War espionage. The CVV patched the gap that online shopping tore open. And now AI patrols the perimeter against AI.
The bank card is not a designed object in any coherent sense. It is an accumulation of patches — some brilliant, some desperate, some borrowed from entirely unrelated fields under pressure. The interesting question is whether the next discontinuity in payment technology will follow the same pattern, or whether it will finally break the genealogy entirely.
By Helen Papadopoulos, Ancient World Correspondent, Buzzrag
We Watch Tech YouTube So You Don't Have To
Get the week's best tech insights, summarized and delivered to your inbox. No fluff, no spam.
More Like This
The Science and Stories Behind Earth's Fiercest Winds
Explore the science of deadly winds, from hurricanes to tornadoes, and the people dedicated to understanding and surviving them.
WW1 Trench Life: What the Western Front Was Really Like
From Pals' Battalions to the Vickers gun, a new documentary unpacks the grim machinery of survival on the WW1 Western Front in unflinching detail.
Waco Siege: Ancient Echoes in Modern Tragedy
Explore the 1993 Waco siege through the lens of ancient cult dynamics and modern law enforcement challenges.
Searching for London's First Roman Road Under Lambeth
Time Team investigates whether London's first Roman road ran through Lambeth Palace gardens—and why the Romans crossed the Thames there before building Londinium.
Decoding Halo's MAC Platforms: Past Meets Future
Explore Halo's MAC platforms and their ancient military parallels, revealing the timeless art of warfare.
MLK: The Ancient Echoes of Justice and Leadership
Explore MLK's legacy through ancient lenses of justice and leadership. Discover unexpected connections.
RAG·vector embedding
2026-06-25This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.