Re: ATM card pins

Enzo Michelangeli (em@who.net)
Thu, 6 Aug 1998 07:55:26 +0800


But if the stored encrypted PIN is the same as the online PIN (as it must
be, because nobody has two PINs for the same card), the fact that no money
is paid after offline authentication is irrelevant: a breaker could recover
the PIN from the card, and then use it online to withdraw cash.

Perhaps different banks use different methods. However, those that are part of the
Cirrus (Mastercard) and Plus (Visa) networks should obviously share the same
system(s). During my trips abroad, I have been refused cash quite often due
to "no response from the remote system", which leads me to believe that PIN
verification, in those cases, is performed online.

Enzo

-----Original Message-----
From: Simon R Knight <srk@tcp.co.uk>
To: CodherPlunks@toad.com <CodherPlunks@toad.com>
Date: Thursday, August 06, 1998 1:24 AM
Subject: Re: ATM card pins

> I am sick of getting pushed around by the bank telling me my 'pin'
> number is safer than a signature. What would a bank clerk know.
> Does anyone know anything about pin encryption on banking mag stripe
> cards? I believe track 2, ABA standard, but what of the encryption?
> I don't want to use it, I just need some ammunition. -- jImbo

The encrypted PIN data is located on track 3, and the encryption
algorithm is given as a "private" algorithm determined by the bank.
This algorithm can be expected to be stronger than DES, the security
weakness of which is understood by the banks. Most PIN verification
is carried out directly online to the banks themselves these days
(not from a track 3 encrypted value), and ATMs will not pay out
money in offline mode. If you are concerned about phantom
withdrawals, simply keep a small sum in your "card" account (assuming
it is not a credit card), and the remainder in a deposit account to
which no card access has ever existed.

Simon R Knight



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:55