OT: Banc of America Article

["Al Rowland" <alan_r1 () corp earthlink net>]

Just for grins,

The PIN is on your card, likely encrypted, this based on the fact that
most ATMs will reject your card at the initial PIN prompt before you try
to execute any transaction, as is likely your balance and daily
withdrawal limit but the Kwik-E-Mart system might not have a way to see
that you've already withdrawn your daily limit from three other ATMs
etc. I use a not-my-bank ATM in the lobby at work and it doesn't
initiate the call (you can hear the modem dial) until you're beyond the
PIN screen and are actually requesting a transaction. My daily limit at
my home bank is significantly higher than my daily limit at
non-home-bank ATMs so that might be a local feature rather than hard
coded to your card. (or readable by the particular machine you're using,
who knows what your bank considers privacy or proprietary information.) 

Just conjecture, no way to know how this specifically works without
looking at the BoA specific ATM code but I'd be willing to bet the code
errs on the side of customer convenience over absolute security. See
most software as examples.

Best regards,
______________________________
Al Rowland

> -----Original Message-----
> From: Charles Sprickman [mailto:spork () inch com] 
> Sent: Wednesday, January 29, 2003 10:19 AM
> To: Al Rowland
> Cc: nanog () merit edu
> Subject: RE: Banc of America Article
>
>
> On Wed, 29 Jan 2003, Al Rowland wrote:
>
> > Or,
> >
> > IIRC, the ATM system is similar to CC transactions. A best 
> effort is 
> > made to authorize against your account (Credit Card or 
> Banking) but if 
> > it fails and the transaction is within a normal range (your 
> daily card
> > limit) the CC/ATM completes the transaction.
>
> So you're telling me that if I go to Kwik-E-Mart, cut the 
> wires, put my card with a $0 balance in it will happily let 
> me withdraw money?  Somehow that doesn't sound right.  How 
> would it know my PIN, or would it assume I entered it 
> correctly?  How would it know my daily card limit?
>
> Charles
>
> > Best regards,
> > ______________________________
> > Al Rowland
> >
> > > -----Original Message-----
> > > From: owner-nanog () merit edu 
> [mailto:owner-nanog () merit edu] On Behalf 
> > > Of Leo Bicknell
>
> > > Sent: Tuesday, January 28, 2003 8:03 PM
> > > To: nanog () merit edu
> > > Subject: Re: Banc of America Article
> > >
> > >
> > >
> > > FWIW:
> http://www.washingtonpost.com/wp-dyn/articles/A57550-2003Jan28
.html
> > "About 13,000 Bank of America cash machines had to be shut down. The

> > bank's ATMs sent encrypted information through the Internet, and 
> > when the data slowed to a crawl, it stymied transactions, according 
> > to a source, who said customer financial information was never in 
> > danger of being stolen."
> >
> > --
> >        Leo Bicknell - bicknell () ufp org - CCIE 3440
> >         PGP keys at http://www.ufp.org/~bicknell/
> > Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org