North American Network Operators Group


Re: Banc of America Article

  • From: Joel Baker
  • Date: Wed Jan 29 14:32:27 2003

On Wed, Jan 29, 2003 at 01:19:08PM -0500, Charles Sprickman wrote:
> 
> On Wed, 29 Jan 2003, Al Rowland wrote:
> 
> > Or,
> >
> > IIRC, the ATM system is similar to CC transactions. A best effort is
> > made to authorize against your account (Credit Card or Banking) but if
> > it fails and the transaction is within a normal range (your daily card
> > limit) the CC/ATM completes the transaction.
> 
> So you're telling me that if I go to Kwik-E-Mart, cut the wires, put my
> card with a $0 balance in, it will happily let me withdraw money?  Somehow
> that doesn't sound right.  How would it know my PIN, or would it assume I
> entered it correctly?  How would it know my daily card limit?

Disclaimer: while I did work for a company that was (or would have been)
involved with CC transactions, I have never actually worked with CC
auth mechanisms; only discussed them with a housemate who worked on
$(MAJOR_CC_VENDOR)'s transaction/auth system.

The short answer is: yes.

The longer answer is: your PIN is on your card, the rest is recorded in the
ATM and synchronized when it has connectivity again. At which point, your
bank will be sending you a polite (or, for some amounts, not so polite)
request to pay the outstanding balance, the fees incurred for overdraft,
and other assorted charges.

Most of the financial world operates on a pair of fairly straightforward
principles:

1) It costs money to stop fraud. Unless and until the cost of fraud exceeds
   the cost of stopping the fraud, it is not profitable to attempt to stop
   the fraud (and, as a corollary, the effort put into stopping fraud
   is limited to that amount which produces a better-than-even return on
   investment). All major CC vendors simply budget for some amount of fraud
   every year; it's a known risk of the business model, and is accounted
   for.

2) Banks, as a rule, care fairly little about whether you can withdraw
   money that you shouldn't be able to. ATM limits are largely about
   limiting the amount of damage done in the short term. What banks care
   about a very great deal is trying to make sure that nothing,
   anywhere, in the entire system, can cause a transaction that doesn't
   have an audit trail - and spotting such things is (relatively) easy,
   because the books suddenly don't balance. Money may be information,
   but *within the system*, that information is checked, double-checked,
   cross-checked, and otherwise run through a really insane amount of
   effort to make sure you can't create money from nothing - and can't
   move it from one place to another without leaving some record of the
   movement. Thus, you can get physical cash from an ATM, if the system is
   out of sync, but as soon as it gets synced up again that will be linked
   back to your account. The bank only really cares, then, if your account
   happens to end up negative (and, as above, will take action in more
   concrete ways, to deal with the situation).

Anyone who actually cares about this is strongly advised to not take my
word on it, but go do the homework for yourself; most of this information
is available to a sufficiently curious searcher.
-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
[email protected]              http://users.lightbearer.com/lucifer/
