[IWAR] ATM security

From: 7Pillars Partners (partnersat_private)
Date: Mon Apr 27 1998 - 14:22:35 PDT

  • Next message: 7Pillars Partners: "[IWAR] RESOURCE mercs, terror"

    Some design flaws that could be exploited, but it looks like they use a unique
    PRNG per client, with a packet being sent to the card for authentication of the
    next transaction.  We developed something far more secure a number of years
    ago, but it's interesting to see the 'lite' version in use.  --MW
    
    Monday April 27 10:13 AM ET
       
    Code security for ATM system
    
       PETALING JAYA: A local bank is using a new encoded security technology
       to protect its Automated Teller Machine (ATM) system.
       
       The new security system, called the Card Verification Value (CVV),
       involves a set of computer-generated codes which keep on changing
       everytime an account holder uses his ATM card.
       
       According to banking sources, these special codes are generated by the
       main frame at the bank and are "placed" on to the card everytime a
       transaction was made.
       
       The card holder will never know the code, said one bank official.
       
       He said even bank employees would not be able to tamper with the codes.
       
       Those using cloned cards without these randomly generated codes would
       not be able to withdraw money.
       
       So far, Maybank is the only bank using this system but it was learnt
       that others were now negotiating with the American company which
       invented this technology.
       
       The system is also being used by major credit card companies whenever a
       card holder used them for cash advance withdrawal from ATM machines or
       even when making purchases.
       
       According to sources, Maybank incorporated the CVV system after a spate
       of illegal withdrawals which cost the bank more than RM1.5mil last year.
       
       It is learnt that the police received at least 10 reports of such cases
       from the bank weekly before the system was introduced.
       
       Sources said Maybank has already sent out letters to its customers
       informing them of the change and gave them specific date to hand over
       their old cards and collect new ones.
       
       Deputy CID director Deputy Commissioner Datuk Sidek Ali said since this
       additional security feature was incorporated, the bank had seen a
       drastic drop in the number of illegal withdrawals.
       
       "We have started discussions with other local banks and financial
       institutions to improve security features in their cards.
       
       "We hope all the banks and financial institutions will emulate Maybank,"
       he said in an interview.
       
       Copyright  1998 The Star Online
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:08:12 PDT