Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!ames!amdcad!sun!texsun!smu!sneaky!authorplaceholder
From: authorplaceholder@sneaky.UUCP
Newsgroups: sci.crypt
Subject: ATM secret codes
Message-ID: <-63293659@sneaky>
Date: Sun, 31-May-87 15:11:00 EDT
Article-I.D.: sneaky.-63293659
Posted: Sun May 31 15:11:00 1987
Date-Received: Tue, 9-Jun-87 05:39:19 EDT
Lines: 44
Nf-ID: #N:sneaky:-63293659:000:2403
Nf-From: sneaky.UUCP!gordon    May 31 14:11:00 1987


Re:  insecurity of choosing your own ATM card secret code number

> Consider the following (historical) scenario:  Kid steals nickle from
> mother's purse, goes to candy store, buys candy.  Now update it using
> your ATM card...  and don't forget that convenient secret code number!

Also consider this:  thief steals entire wallet/purse.  The thief can
get the victim's name and birth date (driver's license), license plate
number (car registration), spouse's name and phone number ("In case of
emergency contact ..."), phone numbers and names of relatives (phone book/
reminder list/photographs), and all of these are good numbers to try.  Also,
if this choose-your-own-number scheme becomes popular and is limited to 4
digits, trying numbers of the form 19xx and [01-12][01-31] on cards obtained
without any other info may have a much higher success rate than random
guessing.  If there is more than one ATM card in the wallet/purse, the
same number probably works on all of them.

Using letters instead of numbers, and mapping them into numbers (the usual
phone-dial mapping, although there may be some problem that this mapping
is different in different countries) might generate a somewhat more random
number, but it's still too short.

> One last complaint:  (This belongs somewhere else, sorry)  When I stand
> up straight at most ATM's, I can't see the slot where the card comes
> out.  Thus, it is moderately easy to lose the card through
> forgetfulness.  I'm only 6 feet tall.  Now as I get older, I'll get
> shorter, so this problem should go away... assuming senility doesn't set in.

All of the ATM's I have used in the last few years (Texas, USA) beep at you
until you remove your card.  Except for the deaf, this seems to be a reasonable
reminder not to forget to take your card.  The display also tells you to
remove your card, but if you have already grabbed your money and turned to
leave, that doesn't help.  I think, but have never tested it, that if you don't
remove your card in some small amount of time (the screen says "Please remove 
your card in 30 seconds".  It might be a bluff, but I don't think so), it eats 
the card so a thief can't grab it.  (Unless the person behind you in line is a
thief or a dishonest person taking advantage of "luck").  

> Robert Weiss
> umnstat!weiss@umn-cs.ARPA
> ihnp4!umn-cs!umnstat!weiss
					Gordon Burditt
					ihnp4!sys1!sneaky!gordon