Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!husc6!cmcl2!philabs!aecom!mkaplan
From: mkaplan@aecom.YU.EDU (Marc Kaplan)
Newsgroups: sci.crypt
Subject: Re: ATM security (was Re: DES info wanted)
Message-ID: <1071@aecom.YU.EDU>
Date: Sun, 17-May-87 20:40:49 EDT
Article-I.D.: aecom.1071
Posted: Sun May 17 20:40:49 1987
Date-Received: Tue, 19-May-87 01:16:09 EDT
References: <2071@hoptoad.uucp> <599@umnd-cs.D.UMN.EDU> <5747@eddie.MIT.EDU> <294@kuling.UUCP>
Organization: Albert Einstein College of Medicine, NY
Lines: 19
Summary: Three or Four considered too little.

In article <294@kuling.UUCP>, andersa@kuling.UUCP (Anders Andersson) writes:
> In article <1060@aecom.YU.EDU> mkaplan@aecom.YU.EDU (Marc Kaplan) writes:
> >	BTW, I assume that the ATMs will temporarily invalidate a card if
> >a few hundred bad attempts are made to remove money.  At least, thats how
> >I would do it.
> 
> If you make three (or maybe four) failing attempts in a row with the same
> card at a Swedish ATM, the machine will swallow the card and physically
> deface it (>burp!<), and you'll have to contact your bank to get a new one.

	While I admit a few hundred is too much, three or four is too little.
Last week I made two mistakes before getting it right.  With this method, if
I came back the next morning and made *one* mistake, my card is history.  For
a 'bad guy', on the other hand, four attempts are not likely to net him the
number.  Four thousand is more like it.


						...aecom!mkaplan
						Eric Safern