at Wednesday, January 29, 2003 6:35 PM, Al Rowland <alan_r1@corp.earthlink.net> was seen to say:
The PIN is on your card, likely encrypted IIRC, the actual answer is a bit simpler - an initial pin is *calculated* from your account number (which *is* stored on the card) and an offset (also on the card) is applied to give the pin you actually type.
Just conjecture, no way to know how this specifically works without looking at the BoA specific ATM code but I'd be willing to bet the code errs on the side of customer convenience over absolute security. Possibly. unfortunately (here in the uk at least) "the system" also defaults to believing that only the registered owner could possibly use the card - hence lots of cases over "phantom withdrawls" that the bank refuses to refund. So customer convenience is ok provided it comes free for the bank :)