ATM limits.

In message , john boyle writes

I've got the sources now

Barclays: "A Chip embedded into your debit or credit card is at the heart of Chip & PIN. Chip technology uses sophisticated processing to identify genuine cards and makes counterfeiting more complex and expensive. The technology checks the PIN you entered in the keypad against the PIN held on the chip. This is used to verify your identity instead of checking a signature on a receipt. Many cards already carry a chip, identified by the gold or silver contact pad on the front left. However, all cards are being re-issued with chips that are PIN-enabled."


"Will criminals be able to access the PIN if it is contained on my card? No. The PIN is securely encrypted (held in a secure memory) within the chip, meaning that it is extremely difficult and time consuming for a criminal to access the PIN if your card is stolen, and they would be likely to destroy the card in the process."

I think this puts the point to rest, don't you? The PIN is stored on the card.

Reply to
john boyle

In message , Christian Bartsch writes

I don't know where 'back here' is but see my reply to Chris Blunt.

Reply to
john boyle

In message , John Laird writes

Which it isn't, see my other post.

Reply to
john boyle

john boyle said on 29.05.04:

Not everybody in this newsgroup fakes his email.

The one about why fraud is not more prevalent or the one about chip and pin? Neither seems to be relevant to the question of whether a fraudster would just have to encrypt all numbers from 0000 to 9999 to start a known-cyphertext attack on your magstripe card.

Chris

Reply to
Christian Bartsch

Yes yes I am believing you.

Reply to
John Laird

In message , Christian Bartsch writes

formatting link goes some way towards it. I can't understand why, if it is as simple as you say, there isn't widespread fraud. My other post does make clear that the PIN is on the card though.

Reply to
john boyle

It will be stored on the new 'Chip & PIN' cards as these can be made sufficiently secure with the use of more sophisticated encryption technology. I thought we were talking about the existing magnetic stripe cards, from which the data can be read very easily.

Reply to
Chris Blunt

I would think the chances of (b), keeping it secret, would be almost zero, especially as the same algorithm must be used globally to allow international use of cards. It wouldn't take much to persuade a low-paid ATM technician in a small bank somewhere to reveal all.

Reply to
Chris Blunt

In message , Chris Blunt writes

You said 'no longer' as though something had changed. The only thing that has changed is 'chip & pin'. The basis of where the PIN is stored hasn't changed at all. There has been no major change in card design since their original introduction.

Reply to
john boyle

In principle, yes. In practice, I suppose either the algorithm *is* reasonably secret, and likewise the key, or else even if it does get out, it may be the case that the function is so complicated that even ATMs fitted with special fast (and secret) hardware still take a good few seconds to compute even just *one* encryption, so it would take an ordinary "fast" home PC rather longer, perhaps a minute. Still, 83 hours may not exactly be a "jiffy", but still worth having a go.

Another possibility is that the algorithm is not secret, but the key is. If the key were to get compromised, all hell would break loose, since every machine in the *world* uses the same one, and changing it would involve not only changing every machine but also *everybody's* card.

But it's not all that bad. Machines could have (and probably do have) a number (even if only one) of backup keys for just such an eventuality, and the cards could have a key identifier on them, so the machine would know which key had been used to encrypt the PIN stored on it. If it's an old key, it could then try to go online to the bank and obtain a newly encrypted version of the original PIN, and store that on the card. If it can't go online, it would use some heuristic to determine whether that card had been compromised, and decide whether to risk allowing the transaction or to decline it.

Reply to
Ronald Raygun

In message , Peter King writes

You get told the original PIN which the system still knows.

This doesn't follow from what you have said. I don't say the PIN isn't on a central system (it must be for you to have received a paper advice). I am only saying that it is also on the card and it is not checked online, it is checked locally.

The PIN is put on the card when you next use it at an ATM that is online at the time.

Er, it's a bit more complicated than that.

Reply to
john boyle

Some very interesting information has been posted in this thread - most of which is wrong. As someone who's 'in the business' - let me clarify.

There are no ATMs in the UK that authorise a transaction without contacting a remote host first. All ATMs are online - they will contact a remote host to check your balance and authorise the transaction if you have enough money (or an overdraft).

There are no ATMs in the UK that do PIN verification. Once a PIN is entered at the ATM some basic sanity checking is done (were enough digits entered, for example) - then it is encrypted and sent to the remote host for verification. Even at the remote host, the PIN is stored in an encrypted format (so no bank employee could ever know your PIN). For PIN verification to take place, the PIN stored on the host and the PIN sent from the ATM are decrypted and compared. All of this is (or should be) done in memory and is never stored on disk.

Could you crack the encryption keys? In theory yes - but most banks will automatically update the ATM PIN keys on a daily basis - so you would not get very far. Nothing regarding the PIN is sent 'over-the-wire' in an unencrypted format.

In the 3rd world, there are some ATMs which store balance and authorisation data in a highly encrypted format on one of the magnetic tracks on the card itself (there are 3 tracks) - but that is only used in the 3rd world where comms are dodgy.

Aris

Reply to
aris

"aris" wrote

How do the banks get the new encryption key to *every* single ATM in the *world*, every single day??

Reply to
Tim

Thanks for the explanation. You say "most banks" update the keys on a daily basis, so how does that work when a customer of one bank uses his card in another bank's ATM, or in another country? Doesn't everyone have to be using the same key at the same time?

Chris

Reply to
Chris Blunt

In message , aris writes

Well I stand corrected. When did it change? (And does 'remote host' mean the Bank's main system or an intermediate 'authorising' unit?).

With the advent of Chip&Pin, does this mean the ATM will rely on the old magnetic stripe technology? And leave Chip & Pin to the retailers?

Reply to
john boyle

Good question.

Each bank is responsible for the encryption between their ATM and their 'host' system which does the verification of PINs and checks balances etc. If you use your card in another country or at another bank's ATM, it will typically go through a switching system like LINK or Maestro. For example, if your bank is connected to LINK, they will have their own separate encryption keys from their host system to connect to LINK - and then LINK will have keys to connect to the issuing bank who will verify the PIN and authorise the transaction. These keys can all be different at each leg of the transmission - and there can be several legs.

Saying that most banks update keys on a daily basis is probably a misnomer - they can update them however often they want. This ranges from never - to every day.

Incidentally - every time a transaction goes via LINK or another switch - someone takes a small commission at each 'leg'. And you wonder why the banks are so keen on charging us for using ATMs!

Aris

Reply to
aris
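The flow aris describes in his two posts above (PIN encrypted at the ATM, re-keyed at each leg through a switch such as LINK, verified only at the issuer, held there in protected form and never in clear on disk or on the wire), as an added Go example; this is not code from the thread or from any bank or switch. The zone keys, PAN and PIN are constructed placeholders, and the issuer's stored form is an assumed keyed-hash PIN verification value rather than reversible encryption.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
)

// Constructed placeholder keys: one zone key per leg (ATM->acquirer host, host->LINK,
// LINK->issuer) plus the issuer's PIN verification key. Real ones live only inside HSMs.
var kATM, kSwitch, kIssuer = []byte("atm-zone-key-16b"), []byte("link-zone-key16b"), []byte("issuer-zone-key1")
var kPVK = []byte("issuer-pvk-never-leaves-host") // never shared with any switch or acquirer
// A PIN block is exactly one cipher block, so a single AES operation encrypts or decrypts it.
func cryptBlock(key []byte, in [16]byte, decrypt bool) (out [16]byte) {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only possible with a key that is not 16/24/32 bytes
	}
	if decrypt {
		c.Decrypt(out[:], in[:])
	} else {
		c.Encrypt(out[:], in[:])
	}
	return
}
// translate re-keys a block from one leg to the next; the clear block exists only momentarily in memory (an HSM in practice).
func translate(fromKey, toKey []byte, enc [16]byte) [16]byte {
	return cryptBlock(toKey, cryptBlock(fromKey, enc, true), false)
}
// pvv is what the issuer stores instead of the PIN itself: a keyed hash over PAN and PIN.
func pvv(pan, pin string) []byte {
	m := hmac.New(sha256.New, kPVK)
	m.Write([]byte(pan + ":" + pin))
	return m.Sum(nil)
}
// issuerVerify recovers the PIN from the last-leg block and compares PVVs in constant time.
func issuerVerify(pan string, enc [16]byte, stored []byte) bool {
	blk := cryptBlock(kIssuer, enc, true)
	return hmac.Equal(pvv(pan, string(bytes.TrimRight(blk[:], "F"))), stored)
}
// Authorise walks ATM -> acquirer host -> LINK -> issuer, re-keying the block at each leg.
func Authorise(pan, pin string, stored []byte) bool {
	var blk [16]byte
	copy(blk[:], pin+"FFFFFFFFFFFFFFFF") // pad the PIN to one block (simplified, not ISO 9564)
	atATM := cryptBlock(kATM, blk, false)
	atIssuer := translate(kSwitch, kIssuer, translate(kATM, kSwitch, atATM))
	return issuerVerify(pan, atIssuer, stored)
}
```

Rotating kATM, as aris says banks do, only touches the first leg: the switch and issuer keys, and the stored PVVs, are unaffected.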

A large UK bank will have say 3000 ATMs. It takes a few seconds to update an ATM with new keys - it's all automated. The bank is only responsible for the encryption between their ATMs and their host system that does the verification. Not all ATMs in the world have the same keys. See the other post I made in this thread for more info.

Aris

Reply to
aris

As far as I know, PINs have never been on the card. The 'remote host' can be one box that does everything, or an intermediate machine which handles the ATMs - which then speaks to the bank's main system to check balances. These boxes do a fair bit of work. Besides checking that you have enough money to withdraw, they manage the ATMs (which are fairly dumb machines) for tampering, faults, cash cartridges that are low on notes, or a journal roll which has finished, or machines which are jammed + lots more.

Chips on cards have been around for some time - and many ATMs have been or will be retrofitted to use the chip. So yes, ATMs will use the Chips - and many may already do so.

Eventually the magstripes will disappear. They are too much of a security risk (as shown on the BBC documentary last night), but until the whole world goes Chip&Pin, I suspect they will need to keep them.

There are legal/contractual implications with Chip & Pin with regard to liability on fraudulent transactions (on credit cards at least). The new rules come into place on 1 Jan 2005. They are shifting more of the liability to the merchant for non chip&pin transactions. Check formatting link for more info.

Aris

Reply to
aris

In message , aris writes

They certainly were in the 1980s.

It is apparent we are talking about different types of machine because the ATM with which I once had a daily relationship, metaphorically speaking, handled all that internally, and they were 'off line' for most of the time. Then 'Branch Controllers' were introduced to manage the whole of a branch's workstations to which the ATM was connected. The 'Branch Controller' worked on batch processing and whilst it monitored the ATM, and was technically a 'remote host' to which the ATM was permanently connected, it was still within the same building but was not, itself, permanently online.

A 'Hotcard' file was downloaded daily with just those cards that were being misused, NOT every lost card. This would not be required if the ATM was checking every transaction online.

See below about the PIN then.

I'm fully familiar with that site, to which I have referred in the thread, from which it is made clear that the PIN is in the Chip.

Reply to
john boyle

You know what they say about nostalgia? Well, they're wrong. It really still is just like it used to be.

Reply to
Ronald Raygun
