Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!accuvax.nwu.edu!nucsrl!telecom-request From: tell@oscar.cs.unc.edu (Stephen Tell) Newsgroups: comp.dcom.telecom Subject: Re: Phone Credit Cards Message-ID: <3756@accuvax.nwu.edu> Date: 12 Feb 90 00:20:18 GMT Sender: news@accuvax.nwu.edu Reply-To: tell@oscar.cs.unc.edu (Stephen Tell) Organization: University Of North Carolina, Chapel Hill Lines: 49 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 10, Issue 93, message 6 of 8 In article <3735@accuvax.nwu.edu> dave%westmark@uunet.uu.net (Dave Levenson) writes: X-Telecom-Digest: Volume 10, Issue 91, message 7 of 9 >In article <3585@accuvax.nwu.edu>, jad@dayton.dhdsc.mn.org (J. Deters) writes: >> >>Note: Bank ATM cards, like telco cards, _do_ have your PIN >> >>magnetically encoded on the card. >> >Although that was true for some early ATMs, it's not generally true >> >any more. ... >> It is definitely no longer true. .... >Perhaps it is not true today, but less than a year ago when I was >issued a new card, they put it into a machine and handed me a >keyboard, telling me to select and enter a PIN. After I did so, the >machine apparently updated the mag stripe on the card. In any case, >the only external connection to that machine was its power-cord. If >it didn't communicate the PIN to anyplace, it must have written it >on the card (perhaps encrypted, like the password field in /etc/passwd?) I think encryption is the key (sorry 'bout the pun). Many years ago, my father worked at a bank and as they were installing ATM's and such explained to me that the PIN and account number were dropped toghether through a trap-door algorithm and the result encoded on the card along with the account number. When you enter your PIN, the same algorithm is applied, and the results compared. Sounds just like /etc/passwd to me. I won't mention the name of the bank, since he just left the company under a complex set of circumstances. It was, however, in New Jersey, and so might be the bank Dave mentioned. This has wandered a bit from telecom, but since the answer is relevant to phone cards as well, I thought I would add my $0.02. Additional telecom trivia: I recently called my parents in NJ on 908-464-XXXX successfully; until then they didn't know which side of the 201/908 split they were on. Steve Tell tell@wsmail.cs.unc.edu CS Grad Student, UNC Chapel Hill. 919-968-1792 Former chief engineer, Duke Union Community Television, Durham, NC.