So does my bank card have my pin saved to it?

When I used my bankcard at a store and run it as a debit, it obviously checks my pin some how. But how? Is it stored on the card? Is there a database it is recorded on?

Our cards here don’t store a PIN. The machine at point of sale where you enter your PIN transmits that to the computer network (your bank) which verifies that you are you (with the PIN) and verifies the transaction. Can’t see why yours would be different.

Yes. I think it may be hashed, but for a four-digit number, any kind of encryption is futile.

[qualifier]… The UK version of chip and PIN uses a PIN stored on the card which is verified locally before the transaction proceeds. This is not the same elsewhere in the world and the UK system has been widely criticised as insecure. (I think the whole concept of chip and PIN at retail points of sale is insecure, but that’s another story).

Debit cards vary quite a bit across the world. Canadian ones do not use the MasterCard/Visa system and do not have those logos. You use a PIN with them, but the point-of-sale terminal connects with the bank for each transaction, and verifies the PIN and funds online. The PIN does not need to be stored in the card, and I believe it isn’t.

Are the card readers in ATM also capable of writing to the card?
If not then any card where you can choose a new pin at an ATM can’t have the pin stored on the card.

I’m interested in why you say this. Obviously brute searches of a four digit namespace are very easy.

Would an encryption which encrypts both the number and the position of the number within a large string of digits be secure if the decrypting and encrypting rules are kept secret?

Hmm… I’m not sure what you’re saying. If the PIN is stored on the card, than an ATM needs to be able to figure out if someone just entered the correct PIN, so even if the ATM can’t get the PIN from the card directly, there has to be some way for the ATM to test a PIN against whatever is on the card to find out if the PIN is correct. And since the bank wants its card to work with lots of ATMs, it’s going to use some standard method, which means bad guys will find out what the method is.

And the point is, you don’t need to break the encryption at all – it doesn’t matter whether the info is perfectly encoded or not. If a bad guy has the card, he can use the test method to find out if ‘0000’ is the correct PIN (remember, this is just what an ATM does). If it’s not the right PIN, he tests 0001, etc. 10,000 tries is not much for a computer, no matter how complicated the method is.
But, in the U.S., I believe no or very few cards do actually store the PIN. Instead, the PIN is in a central computer, and the ATM has to call up the central computer and ask if the PIN is correct. This is way more secure, because if you have the card but not the PIN you have to either go to an ATM, and start trying PINs by hand, or be able to have your computer dial up the central computer and convincingly masquerade as an ATM (I imagine this is not easy). In either case, the central computer (unlike a simple ATM card) can keep track of wrong PIN guesses, and flag the card number as stolen after too many incorrect PINs.

No it isn’t. As long as the bank controls access and prevents a brute force attempt at the PIN, then you can strongly encrypt small amounts of data and keep it relatively secure.

My bank does not allow you to change your PIN at an ATM. You must go into the bank and verify to the banker who you are before you are allowed to change your PIN.

Having said that, my bank’s web site says you can change your PIN at any of the bank’s ATMs. Either I was lied to about it, or their web site is out of date.

I’ll try explain a little better. If the four digits of the pin are encrypted in a one to one encryption algorithm to another four digit number, then a thief could read his own card several times each after changing his own pin to values he of course knows. It would then be simple for the thief to use brute force trial and error processing to find where the pin number is heald on the card’s data, and what the encryption key is.
It would only be possible to secure such a system if the pin is encoded using a one to many scheme such that the pin is calculable only by reading enough digits off the card for a brute force examination of the type explained above to be impractical.

There are no end to the ways you could hack a card if the pin were stored on the card. If you can write to the card, then you know what you’re writing, regardless of what encryption scheme might be used.

And if you can write to the card and the PIN were stored on the card, then you could just steal a card, write your own PIN on it, and use it. To protect against this, the ATM would have to ask the central database if the PIN is correct, so there’s no reason to store it on the card at all.

Here’s a talk we were given, outlining some of the basics (and some complicated ways to retrieve PIN’s :-)). As I understand it, every ATM has a hardware security module inside, which is a special type of secure computer. Any attempt to break into the casing will result in the memory being wiped instantly, the voltages on the input lines are monitored etc. etc. Your pin is checked inside the HSM using a set of master keys stored in the HSM and some complicated maths, using your account number.

The process is really complicated, especially how the ATMs communicate on potentially untrusted lines, and I can’t remember a lot of it (even after looking through the slides), but I hoped this helped.

Here is an informative wikipedia page about the data on a magnetic stripe.

I found that last week when I was reading this site, which has a few more interesting facts about credit cards (#28 thru 37).

Cryptographers always assume that the encryption algorithm is known. I have always assumed that the reason for that is that a great many people will come to know it and “secret known to a great many people” is an oxymoron. Since there are only 10,000 pins, storing them on the card would render them pointless. Eventually, biometric identification will become standard.

FWIW, my brother who was a freelance systems analyst who did most of his work for a bank and helped design software for secure bank to bank (and bank to Fed) transactions would never use an ATM. Never.

How does the bank control access? The PIN is on the card in my pocket.

Interesting - in this instance does “ATM” refer only to the cash-dispensing machines themselves, or does his general distrust of the system extend to the use of debit-cards in general…

You realize that biometrics is nothing more than a complex password that’s impossible to change, right?