We bounced around an idea here. If you all want to use it for free be our guest (maybe others have thought of it).
When people open a bank account, why don’t the accounts get two different PINs assigned;
both allow money withdrawal, but one of them instantly alerts authorities that a “robbery/hostage” situation is taking place.
So if a person is coerced into withdrawing money, the victim uses the emergency PIN which lets them withdraw cash, while at the same time sending out an alarm.
Many card-and-PIN personnel entry systems use both a PIN and a “Duress PIN.” The duress PIN is usually some simple permutation of your chosen PIN (“add three” or “subtract one” for example) so that you can type it in as quickly as you would your normal PIN. A PIN of 1234 would then become 1237 or 1233, and unless you’ve chosen a PIN with personal significance (birthday, address, etc.), or one that spells a word on the keypad, you can even tell the person using your card what your duress PIN is off the top of your head.
With personnel entry systems, the duress PIN permits entry while alerting the guards of the building (and/or local police, or appropriate level of force for facility being protected). The idea is, as you suggested, to allow the criminal to gain access without raising his suspicions (and endangering the compromised person).
The system I have in mind only allowed one person through for each PIN entered before sounding an alarm. This means that the hostage would have to be left outside of the secure area if the hostage-taker wanted access. This frees the hostage and leaves the hostage-taker without a human shield.
Security could then lock down all entry or exit into the region with the criminal, isolating him with the minimal amount of compromised data/people/systems. Then they come in with guns and big sticks and body armor.
For what it’s worth, I’ve never seen this in a bank or ATM, but I can imagine that it would be useful in a well-monitored facility. Your biggest problem implementing it in a public space is fraud: a person could use their duress PIN at an ATM, and show up with a ski-masked accomplice, then help him/her get away and file a completely bogus anti-helpful report with the cops.
I asked this to my security officer and he told me that it can be done but because of liability reasons they won’t. They don’t want to be sued for not responding in time.
My guess is that it wouldn’t be worth all of the false alarms. People that use my bank have enough trouble remembering one PIN number, i think that keeping the two of them straight would lead to alot of “oh i can’t remember my real pin number, but i’ll just use this to get my money out and be gone before the police show up.”
Our security alarm and our bank vault both have the 2nd pin number feature though.
There’s also the issue that people occasionally mistype their PIN, so if the two are similar, you’d get a lot of false alarms. And if they’re completely different, then it’s going to be hard to memorize the duress PIN, especially since you don’t use it regularly. I imagine that places with duress-PIN entry systems have a higher standard of security, and that authorized personnel are trained for emergencies like this.
I don’t think that fraud would be a big problem; it’s already possible for people to claim they were forced to make a withdrawal at gunpoint. How would using a duress PIN for this be any more effective than calling 911 on your cellphone?
It’s already being looked into in Illinois - entering your PIN backwards would be the emergency number, and different enough that you wouldn’t accidentally miskey it. (I originally read this in the local papers, but the company’s website is what came up on a Google search.) I suppose it would be most useful if you were kidnapped and taken around forcibly to different ATMs/injured or left for dead afterwards and unable to call for help. At least this would alert police quickly that something was wrong with you.
A conversation at a chat board for bankers seemed to indicate that liability reasons are in fact the primary concern behind not doing this.
That and pure laziness… if this feature isn’t built into the off-the-shelf terminal driving software your bank uses, it would be expensive to add the feature, and it is of questionable utility compared to the expense.
Oh, and by the way, if you are forced to withdraw money at gunpoint in the US, I can guarantee that if you complain to your bank at the earliest safe opportunity, your account will be reimbursed. There are some Federal Reserve regulations to that effect.
How about a PIN that when you entered it would have the machine simply say “Sorry Temporarily Out of Funds.” Wouldn’t help you but would render the machine from giving away your money.
The impression I have from news reports here is that most cashpoint thieves aren’t interested in forcing people to withdraw cash, but in stealing the cards. That way they can withdraw cash themselves at a number of machines to empty the accounts, or clone the card.
I’m gonna have to call “cite” on this. I worked in banking for 15 years and never heard of any FRB regulation close to this. It just doesn’t make sense. Why would the bank be responsible if you were robbed at an ATM (which could be anywhere) and not responsible if you were robbed outside their door or at the night drop?