Simon R Knight (srk@tcp.co.uk)
Wed, 5 Aug 1998 16:49:22 0000
> I am sick of getting pushed around by the bank telling me my 'pin'
> number is safer than a signature. What would a bank clerke know.
> Does anyone know anything about pin encryption on banking mag stripe
> cards? I believe track 2, ABA standard, but what of the encryption?
> I don't want to use it, I just need some amunition. -- jImbo
The encrypted PIN data is located on track 3, and the encryption
algorithm is given as a "private" algorithm determined by the bank.
This algorithm can be expected to be stronger than DES, the security
weakness of which is understood by the banks. Most PIN verification
is carried out directly online to the banks themselves these days
(not from a track 3 encrypted value), and ATM's will not pay out
money in offline mode. If you are concerned about phantom
withdrawals, simply keep a small sum in your "card" account (assuming
it is not a credit card), and the remainder in a deposit account to
which no card access has ever existed.
Simon R Knight
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:55