1. Home
  2. UK Finance Discussions
  3. ATM fraud and C&P
  4. Page 10

ATM fraud and C&P

Depends where your boundaries are. I like to think of "last century" as being anything before 1954. :-) Even in 1980 the good folk who designed these systems can't have been so stupid as to think D&C would be secure enough for keeping money safe.

Well, yes, that's exactly what I mean.

I meant that random info together with account details went into the oven when they were baking the PIN pie. Then they slice off 4 digits and give them to the customer, and put the other few dozen onto the magstrip.

Of course it's readable, but it's unintelligible.

I'd have thought that what they'd have done is, as I said before, is set up a system such that the N-4 digit security info stored on the stripe, together with the 4 digit keyed PIN (perhaps modified by a card-stored offset separate from the N-4) would be fed into either a secret algorithm stored in the ATM, or into a not-so-secret algorithm together with a top-secret additional key stored in the ATM (the same in all ATMs), and this algorithm would then map those inputs to a simple yes or no.

What was there, AFAYR?

Reply to
Ronald Raygun
Loading thread data ...

AFAICR, there was no specified place where 'random data' was stored(lets call it 'bank specific data'). All the data on the stripe was explained and understandable and none of it was encrypted. However, this was after standards (ie all cards used the same standard) and definitely at a point where PINS were stored centrally. I also saw a device demo'd to me where you could swipe the card and read *all* the data and write it out to a screen. AFAICR there was no particular strings of gobbledegook. There was certainly stuff that didnt apparently make sense to the naked eye, but it could be understood by looking at the spec. I suppose you coud always use selected data from 'random' places, but as this was after centralised PINS I dont suppose that happened in this case. Might have done 10 years earlier.

Reply to
Tumbleweed

I just received a replacement credit card and the PIN on the same day. If banks are so careless, crooks don't need any sophisticated scams, they can just steal credit cards and PINs from your mail.

Reply to
Steve

They've been doing just that.

formatting link
You can always send your PIN back if you don't use your card to withdraw cash.

Reply to
James

BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.