|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: OT: Banc of America Article
Since nobody has given the correct information about the PIN on the card I will give a very brief description. There are two types of PIN, natural and customer selected. The natural PIN is computed from the number on the card. The computation involves one way crypto keys. I don't remember the algorithm. For this the PIN that is stored on the card is 0000. Now, when a customer selects a PIN, an offset is computed between the natural PIN and selected PIN. This offset is stored on the card. Based on this you can see that re-encoding is needed when you change the PIN number, most ATM will do that re-encoding. So unless things have changed in the last 4 years since I worked with this, you can not change your PIN over the phone without physical contact by the bank with the card. Personally I carry a card without any logo as my ATM card, at one point I had access to reader/encoder for mag strip cards and I programmed a blank card with the info from my real ATM card. No encryption involved. K On Wed, 29 Jan 2003, David Charlap wrote: > > Al Rowland wrote: > > > > The PIN is on your card ... > > Not for any card I've ever owned. I've changed my PIN several times > over the years, and the bank has never re-encoded my card or sent me a > new card as a result of doing so. > > Maybe some banks do store the PIN on the card, but I'm certain that it's > in the server for ever bank I've used. > > > I use a not-my-bank ATM in the lobby at work and it doesn't > > initiate the call (you can hear the modem dial) until you're beyond the > > PIN screen and are actually requesting a transaction. > > I'm not surprised. But the PIN is verified as a part of the transaction. > > I've occasionally mistyped my PIN. The ATM takes the mistake and goes > straight to the menu. It's only after requesting a transaction that it > comes back with the "invalid PIN" message. > > -- David >
|