Rabid Wombat (wombat@mcfeely.bsfs.org)
Tue, 4 Aug 1998 02:51:22 -0400 (EDT)
My knowledge is US-centric, but AFAIK, PINs have been centrally
authenticated for quite a long time (here in US), due to the risks
associated with storing the PIN on the card. I recently changed the PIN
on my account, and was not issued a new card.

Your PIN is probably safer than your signature, even if your PIN were on
the card (unfortunately). Most banks these days use large clearinghouses
to process checks, and the people doing the clearing are usually
under-paid, sleep-deprived, working a graveyard-shift second job. I doubt
your signature is checked closely, and possibly not checked at all.
(again, US-centric, apologies to the rest of you)

I once wrote a check out to a bank for $2000, and it made it through both
the bank it was submitted to and the bank it was drawn on as a $20 check.
I've also had a check clear when I'd forgotten to sign it entirely.

I'd trust a PIN more than I trust signature verification, unless you are
using an account to process a fairly small number of large denomination
checks, and have arrangements made with your bank concerning signature
verification.

The bigger security risk (in the US, anyway) seems to be being abducted
and taken to a cash machine and forced to withdraw cash. For this reason,
it is best to keep a separate "card account", and keep only a small
amount of cash in it. Keep the rest in another account, which is not
card-accessible.

Sorry for wandering off-topic ...

-r.w.

On Wed, 5 Aug 1998, Simon R Knight wrote:
> > I am sick of getting pushed around by the bank telling me my 'pin'
> > number is safer than a signature. What would a bank clerk know.
> > Does anyone know anything about pin encryption on banking mag stripe
> > cards? I believe track 2, ABA standard, but what of the encryption?
> > I don't want to use it, I just need some ammunition. -- jImbo
>
> The encrypted PIN data is located on track 3, and the encryption
> algorithm is given as a "private" algorithm determined by the bank.
> This algorithm can be expected to be stronger than DES, the security
> weakness of which is understood by the banks. Most PIN verification
> is carried out directly online to the banks themselves these days
> (not from a track 3 encrypted value), and ATMs will not pay out
> money in offline mode. If you are concerned about phantom
> withdrawals, simply keep a small sum in your "card" account (assuming
> it is not a credit card), and the remainder in a deposit account to
> which no card access has ever existed.
>
> Simon R Knight
>
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:55