ATM limits.

Each ATM also has a list of "keys" inside it. One of these is used in combination with your card. The fraudster would have to get hold of all these keys (the hard bit), and try every combination with all numbers from

Why would a low-paid ATM technician know or be able to get the encryption keys? There are only a handful of ATM manufacturers in the world and they probably all have to buy the encryption unit from a single supplier. The units are bound to be tamperproof (ie wipe themselves at any sign of dodgy-ness), and I suspect it's pretty top secret where they are programmed. I'm sure they've thought of the security issues, although I should imagine they had to do a *lot* of thinking :-)

In message , Chris Blunt writes

Did the ATM allow you to insert your card?

I once helped install one of these. AFAICR there was a master key for the device, which was actually sent in two different parts to two people who each put it in independently.

I cant recall all the details now but you are correct, the device had to be shutdown in a specific way for maintenance or it would wipe all the data within it.

If the screen indicates that the machine is offline, then it won't even accept a card.

Sometimes the machine appears to be normal but after attempting a withdrawal it comes up with a message saying its unable to contact my bank and refuses to process the transaction.

In either case I end up with no cash.

Chris

In message , Chris Blunt writes

Does it use the word 'offline'? I have never seen that.

A 'foreign' card will be detected by the machine and it will then seek further authority either from a local 'authenticator' which can either be 'online' to a more authoritative authorising source or it is able to authorise transactions within certain parameters itself. A 'local' would still be able to get dosh.

I don't remember the exact wording, but it says something to that effect. I'll have to make a note of it next time. That should be long as its a frequent occurrence.

No. I have a couple of local cards as well and they don't work either in those situations. I've experienced situations where a card from another local bank would not work in a particular machine, but a card issued by the same bank at the bank whose ATM it was being used in would. The rejection message shown is usually 'we are unable to contact your bank'.

I've been in the USA and been unable to use an ATM because they could not contact the UK bank. Had to resort to using a credit card advance instead.

Some very interesting information here from a friend of mine (he was the one who explained to me how the local PIN verification system works...)

So, just going back to the OPs comments, does this mean that providing one has enough cash on the card the ATM machine (whether on its own or in consultation with the host) would NOT:

a) object to multiple withdrawals, say 5 X 700. b) not think anything dodgy was going on (I think the OP said the machine might suspect fraud of some kind.

Also, what about foreign banks in the UK, like Bank of Cyprus or whatever; might they not have different limits from UK banks. Not necessarily that bank, perhaps some Middle eastern ones?

Your bank will normally set a daily withdrawal limit - so you should not be able to withdraw more than that in any given day. Each bank has its own limits, and its own rules. Since every transaction has to be authorised by your bank, they set the rules - so going to a different banks ATM and hoping for more cash is probably not going to work. They can even set the rules for each individual customer.

Aris

A very good question.

One answer if your concerned over PIN security is if you don't want a PIN becuase of a disability, or your partially sighted, or, like me your unhappy with the shift of liability or lack of PIN security then ask your issuer for a Chip & Signature Card.

(If fraud is committed before you notice your card is lost, stolen or cloned you can deny a signature, but how can you say you weren't negligent with your PIN? If you have lots of cards, is having them all operate with same PIN good practice? If it is then why not use the same password for everything?)

James

"James" wrote

The shift is from the card issuer to the merchant, when a signature is used instead of the PIN. Why are you unhappy with *that* shift, which doesn't affect *you*?

"James" wrote

That's up to you. Don't give your PIN to others!!

"James" wrote

Then, as the merchant will take the risk from a transaction with signature (rather than card issuer previously) - you may find some/many(?) merchants not accepting credit cards without PIN...

"James" wrote

Easily - if it is true, then there is no reason why you couldn't insist that you hadn't been negligent. Who on earth do you think is going to stop you stating the truth??

Unfortunately I don't think this is completely true, there's a very trivial way of demonstrating a cloned card was used in the event of a signature, there's no such similar method with a PIN. So

Except of course there's millions of places where you are entering the PIN in inadequately screened environments - how many card readers and cameras are there sitting on ATM's at the moment?

Will their merchant agreements allow this, I would find this pretty surprising given their previous requirements, in any case, are they really likely to lose the sale...

It's proving it trivially that's the problem, do you want to wait many months whilst it goes through courts?

Jim.

OK, but what the OP wrote was:

was wondering what the maximum amount that can be taken out of UK ATM's is?

Presumably it is dependent upon: a) the debit/credit card. b) the ATM - in terms of how much the machine can hold; and how much it allows the individual to withdraw.

So, in theory if the card had a limit of 10K per day, would this work in practice?

He is saying that the card is authorised to take out as much as it can, so the question is how much will a certain bank's ATM permit, and if the limit is 500 then can one just put the card back in again and again, say until 10K is removed, or will, for whatever reasons, the ATM prevent this?

My Abbey National (now Abbey) account allows £500 a day. When they first upped the limit they wrote to me saying take £250 and then put the card back in and take £250 more. It now allows the £500 in one transaction. I have not tried this in other banks ATMs as it is not the 'primary' account that I want to withdraw from.

Not sure if this helps the discussion.

Simon