Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!mailrus!accuvax.nwu.edu!nucsrl!telecom-request From: davidb@pacer.uucp (David Barts) Newsgroups: comp.dcom.telecom Subject: ATM Handling of PINS Message-ID: <12369@accuvax.nwu.edu> Date: 19 Sep 90 19:09:14 GMT Sender: news@accuvax.nwu.edu Organization: TELECOM Digest Lines: 40 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 661, Message 2 of 7 john@bovine.ati.com (John Higdon) writes: > Do you think that he is capturing all those > PINs in the back room so that he can retire to Tahiti? I would lay > odds that the merchant does not record your PIN, which is normally > simply sent along with the rest of the encrypted transaction to the > banking center or network... Precisely. If the ATM terminals found in stores are anything like the ATMs in banks, it just encrypts the number on the card and the PIN and sends them off to the bank computer for verification. The merchant has no business knowing what your PIN is -- that is confidential information between you and your bank. The only information that the merchant needs to know is that (a) the PIN you entered is valid, (b) there are sufficient funds in your account to pay for the purchase, and (c) that funds have been successfully transferred to pay for the purchase. If anything, this represents an increase in security over credit cards (with which the merchant gets a slip with your complete credit card number and signature on it -- all the information needed to commit fraud). The major issue with these devices (and also with virtually any other non-cash method of payment) is what happens to the record of your purchases after the bills have been settled. The technology already exists so that a laser-scan cash register, ATM terminal, and mainframe database could be tied together to keep a detailed record of every item you purchase. (I don't know if it is being done anywhere, but it certainly COULD be.) Who gets access to this information, and what is it used for? Targeting junk-mail advertising (a minor annoyance)? Targeting junk phone calls (a major annoyance)? Paranoia aside :-), I have never used any of these new ATM's because all the ones in the Seattle area seem to stick you with a surcharge. Paying with a bank card may be more convenient, but only marginally so and the tiny amount of convenience isn't worth the fee for me. David Barts Pacer Corporation, Bothell, WA davidb@pacer.uucp ...!uunet!pilchuck!pacer!davidb