Path: utzoo!utgpu!watserv1!watmath!iuvax!mailrus!accuvax.nwu.edu!nucsrl!telecom-request
From: jad@dayton.dhdsc.mn.org (J. Deters)
Newsgroups: comp.dcom.telecom
Subject: Re: Phone Credit Cards
Message-ID: <3585@accuvax.nwu.edu>
Date: 7 Feb 90 17:19:04 GMT
Sender: news@accuvax.nwu.edu
Reply-To: jad@dayton.UUCP (J. Deters)
Organization: Dayton-Hudson Dept Store Co.
Lines: 42
Approved: Telecom@eecs.nwu.edu
X-Submissions-To: telecom@eecs.nwu.edu
X-Administrivia-To: telecom-request@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 80, message 4 of 10


> Article <3564@accuvax.nwu.edu> From: johnl@esegue.segue.boston.ma.us 
(John R. Levine)

>In article <3532@accuvax.nwu.edu> dave%westmark@uunet.uu.net (Dave Levenson) 
>writes:

>>Note: Bank ATM cards, like telco cards, _do_ have your PIN
>>magnetically encoded on the card.

>Although that was true for some early ATMs, it's not generally true
>any more.  The number from your card along with the PIN you enter are
>sent along to the issuing bank for validation.  My bank sends out

It is definitely no longer true.  I program the Point-Of-Sale
equipment for Dayton-Hudson Dept. Stores Co., and have had to do an
awful lot with MSR cards these days!  With the advent of Electronic
Funds Transfer at the point of sale, security became a huge issue (we
currently have no plans to implement EFT in the near future, but the
latest release of IBM software has it coded.)  At the Point Of Sale,
IBM sells a special customer 10-key pad and Mag Stripe Reader that
encrypts the PIN prior to transmission to the terminal.  At no time is
the data (PIN) transmitted in the clear (not even to the base unit of
the cash register.)

It's a shame that this isn't more widely known.  I think that more
people might be inclined to trust a system like that iff they knew
that their data was secure.  Of course, 95% of the people don't care
one whit if their PIN is secure, because they're unaware of the
consequences of losing it :-).

Oh, as to selecting PINs: My banker just asked me for a number when I
signed up for the card.  I said, "Just some random number, please."
He asked me "How about 6677?"  I sighed and got out my pocket
calculator (with the random number generator) and gave him four
digits.  He just gave me this funny look...


J. Deters
INTERNET:  jad@dayton.DHDSC.MN.ORG    .\ /.    "Smile -- Cthulu loathes you!"
UUCP:  ...!bungia!dayton!jad         \_____/
ICBM:  44^58'36"N by 93^16'12"W