Educause Security Discussion mailing list archives

Re: duress ATM codes


From: Kevin Shalla <kshalla () UIC EDU>
Date: Thu, 15 Dec 2005 11:55:41 -0600

The key here is to make sure the bad guy doesn't know what your true
bank balance is.  If the receipt said "Thanks for using the duress
PIN; your balance of $1497.36 is safe with us, so tell the bad guy
you don't have any money" that would be one thing, but the receipt
should say "we're sorry, your balance is $18.37, and so is too low to
withdraw from this machine".  Why would the criminal think your
balance is greater than $18.37?

We could make a comparison to a bank teller (he presses the silent
alarm, but still cheerfully dispenses money), but bank robbers rob
banks because "that's where the money is", and individuals may or may
not have any money.  A teller cannot tell the robber that the bank
just ran out of money, because banks ALWAYS have money.  In contrast,
a robber demanding money of an individual has no idea how much money
the person really has.  He's not going to take the time to check
inside shoes, money belts, neck pouches, etc. if the person has a
wallet.  It's too risky to do extensive searches.  I'm trying to make
ATM visits risky to the robber as well.

What I'm getting at here is that the criminal has no way to know if
you're bluffing or not, and if word gets around (Muggers Illustrated)
that robberies via ATMs often yield nothing and include a quick
police visit, they're likely to settle for your wallet.

At 11:10 AM 12/15/2005, you wrote:
> Better keep this real quiet so the bad guys don't find out. Cuz if
> they knew the secret, they say, "OK, sucker, be sure to enter the
> right PIN. If the machine says you ain't got no money, I'm gonna
> blow your head off."
>
> So...shhhhhhhh!
>
> Steve
> -----
> At 11:02 AM -0600 12/15/05, Kevin Shalla wrote:
> > I know that the SecurID product used to (and perhaps still does)
> > offer the ability for the user to supply a "duress" PIN when
> > accessing a system, which could immediately alert security
> > personnel that the user is being threatened.  Does anyone know if
> > any banks have implemented this at ATMs?  I could imagine something
> > like this:  A victim is carjacked and brought to an ATM and forced
> > to withdraw cash.  The victim enters in the duress PIN, and the
> > machine reports that the victim's balance is some random amount
> > under $20 (maybe even overdrawn), and so cannot get any money.  The
> > police are automatically given the location of the ATM, along with
> > a photo of the transaction which just occurred.  If this were a
> > standard feature (and victims could think well enough under stress
> > to enter the duress PIN instead of the real PIN), this type of
> > crime might be eliminated.
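
The duress-PIN flow discussed in this thread, sketched as an added example that is not part of the original messages or any bank's or vendor's implementation. The `Account` class, `withdraw` function, alert record format and the $20 minimum withdrawal are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

MIN_WITHDRAWAL_CENTS = 2000  # assumption: the machine dispenses $20 notes only


def pin_hash(pin: str, salt: bytes) -> bytes:
    # Slow salted hash so the stored verifiers are not plain PINs.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class Account:
    def __init__(self, balance_cents: int, pin: str, duress_pin: str):
        if pin == duress_pin:
            raise ValueError("duress PIN must differ from the real PIN")
        self.salt = os.urandom(16)
        self.balance_cents = balance_cents
        self.pin_verifier = pin_hash(pin, self.salt)
        self.duress_verifier = pin_hash(duress_pin, self.salt)
        # Decoy under $20, fixed at enrollment so repeated inquiries agree.
        self.decoy_cents = secrets.randbelow(MIN_WITHDRAWAL_CENTS)


def withdraw(account, pin, amount_cents, atm_id, alerts):
    """Return the customer-facing response; append to alerts on duress."""
    candidate = pin_hash(pin, account.salt)
    # Run both comparisons every time, each in constant time.
    is_real = hmac.compare_digest(candidate, account.pin_verifier)
    is_duress = hmac.compare_digest(candidate, account.duress_verifier)
    if not (is_real or is_duress):
        return {"status": "bad_pin"}
    if is_duress:
        # Silent channel: nothing about it reaches the screen or receipt.
        alerts.append({"event": "duress_pin", "atm_id": atm_id})
    if amount_cents < MIN_WITHDRAWAL_CENTS:
        return {"status": "invalid_amount"}
    shown = account.decoy_cents if is_duress else account.balance_cents
    if amount_cents > shown:
        # Same response shape as a genuinely low balance.
        return {"status": "insufficient_funds", "balance_cents": shown}
    account.balance_cents -= amount_cents
    return {"status": "dispensed", "balance_cents": account.balance_cents}
```

Because the decoy is always below the minimum withdrawal, the duress path can never dispense cash or touch the real balance, and its response has the same fields as a real low-balance refusal.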
