home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: alt.security
- Path: sparky!uunet!cs.utexas.edu!uwm.edu!linac!pacific.mps.ohio-state.edu!cis.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!agate!ames!news.hawaii.edu!wiliki.eng.hawaii.edu!ldoming
- From: ldoming@wiliki.eng.hawaii.edu (Lawrence Domingo)
- Subject: Re: PIN Codes
- Message-ID: <1992Jul28.090418.854@news.Hawaii.Edu>
- Sender: root@news.Hawaii.Edu (News Service)
- Nntp-Posting-Host: wiliki.eng.hawaii.edu
- Organization: University of Engineering, College of Engineering
- Date: Tue, 28 Jul 1992 09:04:18 GMT
- Lines: 26
-
- I've followed this thread with great interest, but still have a problem
- understanding one thing...
-
- A few times in this conversation a scheme to defraud ATMs was mentioned
- whereby a person "nets" the PIN codes and account numbers of unsuspecting
- ATM users by spying on them as they enter their PIN and then recovering
- the receipt that they may throw away. The person then proceeds to fab-
- ricate a new card with the stolen account number and PIN and then using it
- to withdraw cash from the ATM.
-
- BUT...how do they recreate the mag strip with all the correct information
- if they don't know the PVK (pin key)? If I understand correctly, in some
- systems the account number and card number are encrypted using the pin key,
- and the result written to track 2 of the mag strip. Then a pin offset, also
- writtem on track 2, is used to determine the actual pin from the encrypted
- value. In another system, the account number, card number, and pin are
- encrypted using the PVK as a key, and then the result written to track 2.
-
- In both cases, one would have to know the PVK or pin-key in order to know
- what should be written to the mag strip when all you have is the account
- number and PIN.
-
- So how was the scheme pulled off?
-
- ldoming @ wiliki.eng.hawaii.edu
-
-
