Path: utzoo!attcan!uunet!wuarchive!mailrus!accuvax.nwu.edu!nucsrl!telecom-request
From: claris!netcom!ergo@ames.arc.nasa.gov (Isaac Rabinovitch)
Newsgroups: comp.dcom.telecom
Subject: Stealing ATM PINS
Message-ID: <12470@accuvax.nwu.edu>
Date: 23 Sep 90 15:43:32 GMT
Sender: news@accuvax.nwu.edu
Reply-To: claris!netcom!ergo@ames.arc.nasa.gov
Organization: UESPA
Lines: 26
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 669, Message 6 of 9


In <12369@accuvax.nwu.edu> davidb@pacer.uucp (David Barts) writes:

>john@bovine.ati.com (John Higdon) writes:

>> Do you think that he is capturing all those
>> PINs in the back room so that he can retire to Tahiti? I would lay
>> odds that the merchant does not record your PIN, which is normally
>> simply sent along with the rest of the encrypted transaction to the
>> banking center or network...

>Precisely.  If the ATM terminals found in stores are anything like the
>ATMs in banks, it just encrypts the number on the card and the PIN and
>sends them off to the bank computer for verification.

You're assuming that the terminal is functioning the way it was meant
to.  An obvious way to steal PINs would be to modify the terminal so
that it records each PIN before transmitting it.  True, this would be
too sophisticated a fraud to be managed by your typical dishonest
merchant (the kind that pads his credit-card transactions).  But it
occurs to me that somebody who knows your PIN can authorize a lot of
heavy-duty funds transfers.


ergo@netcom.uucp			Isaac Rabinovitch
{apple,amdahl,claris}!netcom!ergo	Silicon Valley, CA