Each ATM is connected to the bank, either directly (say this is an ATM at your bank) or indirectly through an intermediary called as “switch” (say this is an ATM at somebody else’s bank or a supermarket).
Only information flows through this connection, not the bills!
The information transmitted typically includes your account number, the amount, and your PIN. The PIN is encrypted before sending it, so that even somebody with a wiretap would not be able to determine what your PIN is.
I disagree with the statement that the PIN is encoded on the ATM card…I’ve always read that the PIN is accessed once your account is brought up from your bank record. This is evidenced by the fact that most banks allow you to change your PIN without recoding your card.
Chad, who stated that the PIN is encoded on the card? I stated that the PIN is transmitted (meaning from data entry, not the card, just like the amount is entered via keyboard rather than encoded on your card).
Actually, every account number, given some specific encryption key, has a “natural” PIN.
Some cards DO have a PIN “offset” (from this “natural” PIN) encoded on the card, not the PIN itself. This CAN be used for PIN verification on some ATMs. As you pointed out, for this to work your card must be recoded when you change your PIN.
It’s a standard encryption procedure to deal not in the raw key (the PIN) itself, but in a hash. The hash is generated by taking the key and running it through an algorithim (3DES, Triple-Round Blowfish, and RC5 are some of the more common ones.) that deals in some sort of manipulation using large primes. The newly encoded PIN, or hash, can now be safely stored on your ATM card, as the hash is worthless, the computations to descramble the hash into an understandable sequence are too CPU intensive (for now). When you pop your card in, and enter your pin, it runs the same algorithim on it, and if your results match, it spits out your money. So you see, at no time does it ever send your real PIN across the network, just the hash. Hope this makes sense.
But the hash isn’t really “worthless” in this case, is it? My ATM PIN only has four digits. That’s only 10,000 possible combinations, It can’t be all that difficult to go through all 10,000 combinations to find the one that matches my PIN hash. Do most ATM cards have more than four digits?
Geoff, you raise a valid point. The ATM card’s pin is only 4 digits. This, in itself is laughable for the security industry. The hash is much greater than four digits. But, if given time (and the proper algorithim, and a mag strip reader, not to mention that the info on how ATM cards are encoded isn’t widely distributed. Maybe I’ll look into that…) You could easily go through the 10,000 combinations in about an hour (More likey , less.) Once you found a match you’d have a PIN. This does seem too simple. Hmm. Security is frequently traded for convienience. The other possibilty being that your PIN is only a key to a longer, encrypted key encoded on the card. Your PIN would be, in PGP terms, your Passphrase. The encrypted key would be similar to your private key, you follow? It seems awfully complex for mere convienience banking. Allow me to look further into this.
I also assume that there are safeguards, such as a shut-down or alert if someone has entered the PIN wrong, N times. Otherwise, there’s not much security there.
I’ve been told that most ATMs will “eat” the card if the wrong PIN is entered 3 times. based on this, if for some reason I botch my PIN twice, I go to a different ATM before trying again.
I’ve heard the same theory about the eaten card. I don’t care to test it though. What I do know though, is that (at least my bank) keeps a record of every bad PIN you enter. So if they saw someone trying to guess through trial and error, they could alert you, and/or disable your card. What you are missing though, is the fact that if you get the correct hash, which is spawned from the PIN, you’ll know what the PIN is. You wouldn’t need to guess, you’d already have the PIN.
dcrimson, I don’t think that having the PIN be a passphrase for a longer key will help either. Because then all the bad guy has to do is go through all of the PINs and then see what long keys they generate (there will still only be 10,000 of them) and then run those long keys through the hash algorithm.
I suspect that there’s no kind of cryptographic manuevering that will get over the fact that the passphrase is only four digits long. Presumably the banking industry figured out that it is less expensive to eat the losses than come up with a more secure system. At least, that would be my guess.
Most newer machines (at least in the NY Metropolitan area) don’t even require you to keep the card in the slot while you’re using it; just insert it, remove it, and continue with your transaction. My suspicion is that instead your card is disabled electronically at the server end, and you’d need to go back to your bank after getting your PIN wrong X times (X is probably some number < 10, so trying each possible PIN wouldn’t work).