ergo@ames.arc.nasa.gov (Isaac Rabinovitch) (09/23/90)
In <12369@accuvax.nwu.edu> davidb@pacer.uucp (David Barts) writes: >john@bovine.ati.com (John Higdon) writes: >> Do you think that he is capturing all those >> PINs in the back room so that he can retire to Tahiti? I would lay >> odds that the merchant does not record your PIN, which is normally >> simply sent along with the rest of the encrypted transaction to the >> banking center or network... >Precisely. If the ATM terminals found in stores are anything like the >ATMs in banks, it just encrypts the number on the card and the PIN and >sends them off to the bank computer for verification. You're assuming that the terminal is functioning the way it was meant to. An obvious way to steal PINs would be to modify the terminal so that it records each PIN before transmitting it. True, this would be too sophisticated a fraud to be managed by your typical dishonest merchant (the kind that pads his credit-card transactions). But it occurs to me that somebody who knows your PIN can authorize a lot of heavy-duty funds transfers. ergo@netcom.uucp Isaac Rabinovitch {apple,amdahl,claris}!netcom!ergo Silicon Valley, CA
John Higdon <john@bovine.ati.com> (09/24/90)
On Sep 23 at 17:39, Isaac Rabinovitch writes: > But it > occurs to me that somebody who knows your PIN can authorize a lot of > heavy-duty funds transfers. Only if there are heavy-duty funds to transfer. Also, I know of no place an ATM card (BTW, where does someone who has your PIN get a duplicate card?) can transact large amounts in one transaction. CASH ATMs have a small limit, and how much gas CAN you pump into your RoadHogster. As far as "transfering" money goes, it can only be done between accounts under the control of the card holder. And if it goes into a merchant account, how much trouble would it take to figure out who was up to something? Sorry, I don't consider this a real problem. Has it ever happened? I've never heard of a case. John Higdon | P. O. Box 7648 | +1 408 723 1395 john@bovine.ati.com | San Jose, CA 95150 | M o o !
Jack.Winslade@f666.n285.z1.fidonet.org (Jack Winslade) (09/27/90)
In a message of <24 Sep 90 02:20:38>, John Higdon () writes: >Sorry, I don't consider this a real problem. Has it ever happened? >I've never heard of a case. Yes, it has, as is widely (??) known in this bit of Omaha/hacker trivia: A couple who lived not too far from where we live was arrested a couple of years ago for conspiring to rip off many kilobucks, a few hundred at a time, from ATM machines. The guy worked for a company that developed ATM software and happened to come across a 'live' list of cards and PINs. They made a crude but usable machine to write the data on surplus mag tape and then glued (or taped, I forget) the strips to cardboard cards. They planned to rip off a whole slew of ATMs somewhere in California over one holiday weekend. They needed some help, since the scam would obviously work once and only once, so they recruited some <ahem> trusted friends and relatives. One of them snitched and they were caught with their pants down, but not before they had tested their goodies and had proven that they worked. I have the entire story somewhere, but I can't find it right now. It was written up in the Omaha Weird-Herald shortly after they were arrested and hit the national wire. If/when I can find it, I will key it in and send it along. Good Day! JSW [1:285/666@fidonet] DRBBS Technical BBS, Omaha (1:285/666) --- Through FidoNet gateway node 1:16/390 Jack.Winslade@f666.n285.z1.fidonet.org