[IWAR] ATM security

From: 7Pillars Partners (partnersat_private)
Date: Mon Apr 27 1998 - 14:22:35 PDT

Next message: 7Pillars Partners: "[IWAR] RESOURCE mercs, terror"

Previous message: 7Pillars Partners: "[IWAR] PRIVACY cruise ships, big brother"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Some design flaws that could be exploited, but it looks like they use a unique
PRNG per client, with a packet being sent to the card for authentication of the
next transaction.  We developed something far more secure a number of years
ago, but it's interesting to see the 'lite' version in use.  --MW

Monday April 27 10:13 AM ET
   
Code security for ATM system

   PETALING JAYA: A local bank is using a new encoded security technology
   to protect its Automated Teller Machine (ATM) system.
   
   The new security system, called the Card Verification Value (CVV),
   involves a set of computer-generated codes which keep on changing
   everytime an account holder uses his ATM card.
   
   According to banking sources, these special codes are generated by the
   main frame at the bank and are "placed" on to the card everytime a
   transaction was made.
   
   The card holder will never know the code, said one bank official.
   
   He said even bank employees would not be able to tamper with the codes.
   
   Those using cloned cards without these randomly generated codes would
   not be able to withdraw money.
   
   So far, Maybank is the only bank using this system but it was learnt
   that others were now negotiating with the American company which
   invented this technology.
   
   The system is also being used by major credit card companies whenever a
   card holder used them for cash advance withdrawal from ATM machines or
   even when making purchases.
   
   According to sources, Maybank incorporated the CVV system after a spate
   of illegal withdrawals which cost the bank more than RM1.5mil last year.
   
   It is learnt that the police received at least 10 reports of such cases
   from the bank weekly before the system was introduced.
   
   Sources said Maybank has already sent out letters to its customers
   informing them of the change and gave them specific date to hand over
   their old cards and collect new ones.
   
   Deputy CID director Deputy Commissioner Datuk Sidek Ali said since this
   additional security feature was incorporated, the bank had seen a
   drastic drop in the number of illegal withdrawals.
   
   "We have started discussions with other local banks and financial
   institutions to improve security features in their cards.
   
   "We hope all the banks and financial institutions will emulate Maybank,"
   he said in an interview.
   
   Copyright  1998 The Star Online

Next message: 7Pillars Partners: "[IWAR] RESOURCE mercs, terror"
Previous message: 7Pillars Partners: "[IWAR] PRIVACY cruise ships, big brother"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:08:12 PDT