nate@altos86.UUCP (Nathaniel Ingersoll) (12/10/88)
The way I look at it, all ATM cards (at least all the ones I've ever run across) do not have their PIN encoded on the card. When you do a transaction, the following events must happen: 1) enter card 2) enter pin 3) select transaction 4) success: result of action 5) failure: notification Now, if your PIN was encoded on the card, you could be informed of PIN failure immediately after (2). However, the ATM waits to perform all data transfer until it has all necessary information, so it probably sends whatever you entered for a PIN, your transaction data, and whatever else, to the remote computer, which then validates the PIN and transaction. Make sense? -- Nathaniel Ingersoll Altos Computer Systems, SJ CA ...!ucbvax!sun!altos86!nate altos86!nate@sun.com
fyl@ssc.UUCP (Phil Hughes) (12/12/88)
In article <753@altos86.UUCP>, nate@altos86.UUCP (Nathaniel Ingersoll) writes: > However, the ATM waits to > perform all data transfer until it has all necessary information, > so it probably sends whatever you entered for a PIN, your transaction > data, and whatever else, to the remote computer, which then > validates the PIN and transaction. As dumb as it may seem, here is what really happens on most ATMs (IBM and Diebold in particular). It is not, however, the way it works on the system I worked on. We figured a reader terminal was smart enough to figure out what to do next :-) 1. You enter your card and the ATM sends the card number to the network 2. The network tells the ATM to get the PIN 3. The ATM asks for the PIN and waits. When it gets it, it sends it to the network. 4. ... You get the idea I am sure. There is a mainframe talking over a serial line to a bunch of extremely dumb terminals. The good news is that the PIN is encrypted at the ATM before it is sent and it is sent in a different message than the card number. This means that tapping the communications line does not give you the necessary information to make a bogus card and use it in another ATM. -- Phil Hughes, SSC, Inc. P.O. Box 55549, Seattle, WA 98155 (206)FOR-UNIX uw-beaver!tikal!ssc!fyl or uunet!pilchuck!ssc!fyl or attmail!ssc!fyl