PDA

View Full Version : ATM's and Security



RoD
02-22-2003, 11:11 AM
Interesting atricle imo. Even though they stress the corrupt employee angle i'm sures could do it.

http://www.newscientist.com/news/news.jsp?id=ns99993424

minesweeper
02-22-2003, 11:28 AM
What's with the bit about the PIN number being a function of the account number?

Over here at least we can choose our own PIN number.

To be honest though it doesn't really worry me. It relies on someone in the bank being dishonest and this is the case anywhere. Everytime you order something over the phone on a credit or debit card you give your number to a stranger. Even when you use a card over the counter, the person only has to remember about 15 numbers and a name, not that hard with some practice.

It does surprise me that banks would be that slack though. With the potential lawsuits against the bank you would think they would sort it out.

RoD
02-22-2003, 11:29 AM
Yea im not really concerned, its more the way it was done that interests me...

adrianxw
02-22-2003, 11:38 AM
This (http://news.bbc.co.uk/1/hi/technology/2785145.stm) one from a few days back I think could cause bigger problems.

RoD
02-22-2003, 11:47 AM
Up until now, SSL systems had been thought to be completely secure.

Only by fools and morons. Yea this could be an issue also, but nothing is ever secure 100%.

RobR
03-03-2003, 10:50 AM
Originally posted by minesweeper
What's with the bit about the PIN number being a function of the account number?

Over here at least we can choose our own PIN number.



That's true, but you will still have a native PIN. The PIN you choose is derived by adding a number to the calculated PIN.

Look at it this way.....

Your native PIN is 1234, and you want a PIN of 4321. To derive this, the system adds 3117 to your native PIN (ignoring carries) which gives your custom PIN of 4321. This offset is either stored on the server, or on the card.

The encryption used is NBS/DES.