pins and passwords

ted at nmsu.edu
Wed Dec 14 16:07:39 AEST 1988


After some checking (and one very good reference) I have found out
that in the case of ATMs serviced by the CIRRUS network:

1) the PIN is verified with the issuing bank on every transaction,
although there appears to be room for CIRRUS to interject a false
verification for testing purposes.

2) all data traffic is encrypted with DES, with key distribution by
public-key methods.  Lines that go out of service are automatically
replaced by dial-ups as needed, so that tapping could be done without
much chance of detection, but the cost of attacking a 4.8 kbit/s DES line
is probably not worth the cost (but since ATMs send PINs and account
numbers directly over the line, you would completely compromise those
accounts).

3) CIRRUS does not apparently support return of account balance.  This
would explain why moving out of your local area (i.e. local banking
group) causes your balance to disappear from the ATM summary.

None of this information indicates that the PIN is NOT stored on the
card, only that ATMs do not ever have to take the card's word that
the PIN is correct.

The information that I have found does not say anything about the
other major ATM transaction networks (Cash Stream and the Plus
System), nor does it really say anything about the ATMs themselves.

Many thanks to Mark Schuldenfrei for pointing me at the August '85
issue of CACM which had a case study of CIRRUS (really an interview
with one of the honchos).
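The verification flow described in point 1 and in the paragraph on card-stored PINs, as an added illustration that is not part of the original message: the ATM takes only the account number from the card, forwards the entered PIN to the network, and the issuing bank is the sole party that can approve it. The keyed-hash PIN store, the account-prefix routing and the three-strike lockout are assumptions made for this sketch (the CACM article is not quoted here), and the account number and PINs are constructed; link encryption of the traffic (point 2) is outside the snippet.

```python
"""Issuer-side PIN verification, modelled on the design the post describes.

Added example, not from the original post or from CIRRUS. The message
format, the issuer's keyed-hash PIN store, prefix routing and the lockout
threshold are assumptions; every account and PIN below is constructed."""
import hashlib
import hmac
import secrets


class Issuer:
    """The issuing bank: the only party holding the PIN verification key."""

    def __init__(self, max_failures=3):
        self._key = secrets.token_bytes(32)   # never leaves the issuer
        self._pin_digest = {}                 # account -> keyed digest of PIN
        self._failures = {}                   # account -> consecutive bad PINs
        self.max_failures = max_failures      # assumed lockout threshold

    def _digest(self, account, pin):
        # Keyed hash over account and PIN so equal PINs on different
        # accounts do not produce equal stored values.
        msg = f"{account}:{pin}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def enroll(self, account, pin):
        self._pin_digest[account] = self._digest(account, pin)
        self._failures[account] = 0

    def verify(self, account, pin):
        if account not in self._pin_digest:
            return "DECLINED"
        if self._failures[account] >= self.max_failures:
            return "LOCKED"
        expected = self._pin_digest[account]
        if hmac.compare_digest(expected, self._digest(account, pin)):
            self._failures[account] = 0
            return "APPROVED"
        self._failures[account] += 1
        return "DECLINED"


class Network:
    """Interbank switch: routes each request to the issuer for the account
    prefix and relays the answer. It holds no PIN secrets of its own."""

    def __init__(self, issuers_by_prefix):
        self._issuers = issuers_by_prefix

    def route(self, request):
        issuer = self._issuers.get(request["account"][:4])
        if issuer is None:
            return "DECLINED"
        return issuer.verify(request["account"], request["pin"])


class ATM:
    """The terminal never decides PIN validity itself."""

    def __init__(self, network):
        self._network = network

    def withdraw(self, card, entered_pin):
        # Card-resident data is untrusted: any "pin" or "pin_ok" field the
        # card carries is ignored; only the account number is taken from it.
        request = {"account": card["account"], "pin": entered_pin}
        return self._network.route(request)


def demo():
    """Run a genuine card and a tampered card through the flow."""
    bank = Issuer()
    bank.enroll("1234000012345678", "4821")        # constructed sample
    atm = ATM(Network({"1234": bank}))
    genuine = {"account": "1234000012345678"}
    # A card whose stripe claims the PIN is already verified and carries
    # a PIN of its own: neither claim reaches the issuer.
    tampered = {"account": "1234000012345678", "pin_ok": True, "pin": "0000"}
    return [
        atm.withdraw(genuine, "4821"),
        atm.withdraw(tampered, "0000"),
        atm.withdraw(tampered, "0000"),
        atm.withdraw(tampered, "0000"),
        atm.withdraw(genuine, "4821"),   # locked after three failures
    ]


if __name__ == "__main__":
    print(demo())
```

The issuer keeps a keyed digest rather than the PIN, compares in constant time, and counts failures per account; the ATM and the switch carry the PIN but cannot approve anything, which is the property the post attributes to CIRRUS.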



More information about the Comp.unix.wizards mailing list