[55517] in North American Network Operators' Group
Re: Banc of America Article
daemon@ATHENA.MIT.EDU (David Howe)
Thu Jan 30 10:02:36 2003
From: "David Howe" <DaveHowe@gmx.co.uk>
To: "Email List: nanog" <nanog@nanog.org>
Date: Thu, 30 Jan 2003 12:22:16 -0000
Errors-To: owner-nanog-outgoing@merit.edu
at Wednesday, January 29, 2003 6:35 PM, Al Rowland
<alan_r1@corp.earthlink.net> was seen to say:
> The PIN is on your card, likely encrypted
IIRC, the actual answer is a bit simpler - an initial pin is
*calculated* from your account number (which *is* stored on the card)
and an offset (also on the card) is applied to give the pin you actually
type.
> Just conjecture, no way to know how this specifically works without
> looking at the BoA specific ATM code but I'd be willing to bet the
> code errs on the side of customer convenience over absolute security.
Possibly. unfortunately (here in the uk at least) "the system" also
defaults to believing that only the registered owner could possibly use
the card - hence lots of cases over "phantom withdrawls" that the bank
refuses to refund. So customer convenience is ok provided it comes free
for the bank :)
