Just for grins, the PIN is on your card, likely encrypted, this based on the fact that most ATMs will reject your card at the initial PIN prompt before you try to execute any transaction, as is likely your balance and daily withdrawal limit, but the Kwik-E-Mart system might not have a way to see that you've already withdrawn your daily limit from three other ATMs, etc.

I use a not-my-bank ATM in the lobby at work and it doesn't initiate the call (you can hear the modem dial) until you're beyond the PIN screen and are actually requesting a transaction. My daily limit at my home bank is significantly higher than my daily limit at non-home-bank ATMs so that might be a local feature rather than hard coded to your card. (or readable by the particular machine you're using, who knows what your bank considers privacy or proprietary information.)

Just conjecture, no way to know how this specifically works without looking at the BoA specific ATM code but I'd be willing to bet the code errs on the side of customer convenience over absolute security. See most software as examples.

Best regards,
______________________________
Al Rowland
-----Original Message-----
From: Charles Sprickman [mailto:spork@inch.com]
Sent: Wednesday, January 29, 2003 10:19 AM
To: Al Rowland
Cc: nanog@merit.edu
Subject: RE: Banc of America Article
On Wed, 29 Jan 2003, Al Rowland wrote:
Or,
IIRC, the ATM system is similar to CC transactions. A best effort is made to authorize against your account (Credit Card or Banking) but if it fails and the transaction is within a normal range (your daily card limit) the CC/ATM completes the transaction.
So you're telling me that if I go to Kwik-E-Mart, cut the wires, put my card with a $0 balance in, it will happily let me withdraw money? Somehow that doesn't sound right. How would it know my PIN, or would it assume I entered it correctly? How would it know my daily card limit?
Charles
Best regards,
______________________________
Al Rowland
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Leo Bicknell
Sent: Tuesday, January 28, 2003 8:03 PM
To: nanog@merit.edu
Subject: Re: Banc of America Article
FWIW:
http://www.washingtonpost.com/wp-dyn/articles/A57550-2003Jan28.html
"About 13,000 Bank of America cash machines had to be shut down. The bank's ATMs sent encrypted information through the Internet, and when the data slowed to a crawl, it stymied transactions, according to a source, who said customer financial information was never in danger of being stolen."
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org