ATM passwords (PINs)

Phil Hughes fyl at ssc.UUCP
Mon Dec 12 06:13:07 AEST 1988


In article <753 at altos86.UUCP>, nate at altos86.UUCP (Nathaniel Ingersoll) writes:
>                                     However, the ATM waits to
> perform all data transfer until it has all necessary information,
> so it probably sends whatever you entered for a PIN, your transaction
> data, and whatever else, to the remote computer, which then
> validates the PIN and transaction.

As dumb as it may seem, here is what really happens on most ATMs (IBM
and Diebold in particular).  It is not, however, the way it works on the
system I worked on.  We figured a reader terminal was smart enough to
figure out what to do next :-)

1. You enter your card and the ATM sends the card number to the network.
2. The network tells the ATM to get the PIN.
3. The ATM asks for the PIN and waits.  When it gets it, it sends it
   to the network.
4. ...

You get the idea, I am sure.  There is a mainframe talking over a serial
line to a bunch of extremely dumb terminals.  The good news is that the
PIN is encrypted at the ATM before it is sent and it is sent in a
different message than the card number.  This means that tapping the
communications line does not give you the necessary information to make a
bogus card and use it in another ATM.
-- 
Phil Hughes, SSC, Inc. P.O. Box 55549, Seattle, WA 98155  (206)FOR-UNIX
    uw-beaver!tikal!ssc!fyl or uunet!pilchuck!ssc!fyl or attmail!ssc!fyl


