Rabid Wombat (wombat@mcfeely.bsfs.org)
Wed, 5 Aug 1998 21:57:19 -0400 (EDT)
On Thu, 6 Aug 1998, Simon R Knight wrote:
> > Well it probably dialled out to verify the PIN after collecting all
> > the information it needed. So in my opinion the incident you
> > describe does not prove in any way that the PIN is on the card.
> >
>
> It is not necessary to "prove" the existence of an encrypted PIN
> value on many bank cards, but simply read the related BS/ISO/ANSI
> standards. A special field is provided on track 3 (where track 3 is
> used) for this encrypted PIN value.
>
> Simon R Knight
>
This doesn't mean that track three is actually used to store an encrypted
PIN in a given application. It merely means that a provision has been made
in the standard to store an encrypted PIN in that location. AFAIK, PINs
have not been stored on the card (in the US, anyway) for quite a long
time. I have had a PIN changed without having my card changed or placed in
any form of a card reader/writer. This would seem to me to be a fairly
conclusive indication of a central authentication mechanism.

In the case of the system described above, which accepted a PIN and
instructions before dialing out, it is likely a low-volume system that
can't justify the cost of a leased line. The system would simply accept
any PIN, together with instructions, and then package them into one
transmission to the host. If the PIN checks out and a sufficient balance
is in the account, the remote unit is authorized to fork over the money.
If the PIN or balance don't check out, no dough. Saves making the user
wait through two phone calls (and you probably wouldn't want the machine
accepting incoming calls, by the way).

Using dial-up instead of nailed up lines would also allow a system in an
area where more than one ATM network exists, but there is no central,
high-speed tie between these systems, to obtain access to more than one
net by dialing different numbers to access different service providers.

btw-
The ATM systems I've worked with (datacomm, not crypto) ran SNA over a 19.2
Kb/s leased line.
-r.w.