CrazyEngineers
  • security of ATM in banks

    Manish Goyal

    Member

    Updated: Oct 25, 2024
    Views: 1.3K
    In ATM the only way of security is secret code which is only of 4 digits or 5 digits (don't know about other states)

    This 4 digit code is not a big thing for a hacker to crack

    what do you think ?Is it really secure?

    Do you have any idea regarding security of ATM machines?
    0
    Replies
Howdy guest!
Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.
Replies
  • Kaustubh Katdare

    AdministratorJul 28, 2010

    Thread moved to CE Labs. Let's have various ideas on ATM security.

    In my opinion, 4 Digit code isn't easy to crack unless it is really easy to guess.
    Are you sure? This action cannot be undone.
    Cancel
  • Manish Goyal

    MemberJul 28, 2010

    By using bruteforce attack one can easily crack password of 4 digit within 30 sec
    Are you sure? This action cannot be undone.
    Cancel
  • vik001ind

    MemberJul 28, 2010

    atm card is blocked after 3 successive wrong attempts on a atm machine. Moreover in case online transaction the transaction takes other parameters like card no., date of issue, & name of card holder. So all parameters are responsible for the security. Also all these transaction is carried over a very secure line.
    Are you sure? This action cannot be undone.
    Cancel
  • Manish Goyal

    MemberJul 28, 2010

    @vik can ATM machine be programmed to change its usual behavior?
    Are you sure? This action cannot be undone.
    Cancel
  • vik001ind

    MemberJul 28, 2010

    Usual ATM machines are equipped with camera, tweaking with ATM machine can easily be caught!
    Are you sure? This action cannot be undone.
    Cancel
  • Manish Goyal

    MemberJul 29, 2010

    If no camera then

    Just curious to know

    can it be programmed?I don't wanna know how?
    Are you sure? This action cannot be undone.
    Cancel
  • Harshad Italiya

    MemberJul 30, 2010

    Use of Smartcard and Fingerprint can make this system more Secure.
    Are you sure? This action cannot be undone.
    Cancel
  • limestone7000

    MemberAug 7, 2010

    godfather
    Use of Smartcard and Fingerprint can make this system more Secure.
    In case u haven't watched the movie "National Treasure", in which Nicholas Cage easily gets the finger print of the actress on a rubbery-plastic material, wears it on his thumb, and gets the access passing through a finger-print key code!!

    finger print is also not quite safe anymore, i think!😉
    Are you sure? This action cannot be undone.
    Cancel
  • Saandeep Sreerambatla

    MemberAug 17, 2010

    I have recently read an article which said about the security in ATM.
    We can place a small magnetic strip in the ATM where we can get all details! after getting details one can make many cards using the data they get this is called Skimming.
    I am pasting an email which I have got on this.



    Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The thief can procure a victim’s credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims’ credit card numbers

    Skimming is one of the most widely used methods to commit credit card fraud and #-Link-Snipped-#. This malicious practice costs consumers and credit card companies more than $12 billion per year, a serious problem that continues to evolve.

    To truly help you understand the dangers of skimming, Here are few example of how it may happen:

    Skimming in your waiter's jacket
    You kindly hand over your credit or debit card to a friendly waiter in a restaurant. Before taking the card to the official processing terminal, the waiter swipes it through the small magnetic card reader in their jacket pocket. By the end of the night, that friendly waiter downloads the information on your card in its entirety, shipping it to an underground distribution center for the manufacturing of a fraudulent card. After this card has been produced, it is almost impossible to distinguish it from the real one.

    That cell phone is stealing your identity
    Skimming is made simple by way of technology that lacks embedded encryption. This may be the case for a cell phone with Javascript capability that is attached to a credit card reader. For instance, someone delivering packages can use their Java enabled phone to operate alongside an official credit card reader installed by the employer. When configured properly, this type of application can transmit the credit card information to servers overseas. From there, the data is used to make thousands of fraudulent credit cards. In a scenario such as this, the delivery person is usually given a cut for their skimming ability and the amount of numbers provided.

    Think twice about swiping twice
    Several identity thieves have used the act of skimming in mobile environments as well. Let's say that a delivery person activates their application while in route to a consumer's door. Upon routine, the consumer hands the card over, allowing the delivery person to swipe it through the terminal. The skimming application prompts a message stating that there was an error reading the card. The consumer thinks nothing of it when asked to swipe the card again. The truth is that the first swipe actually reads clear and is instantly transmitted to an illegal server. The second swipe runs through the correct application, carrying out a legitimate transaction. The delivery person walks away with a smile as the consumer has no clue of what just occurred.

    An askew ATM machine
    Imagine this: you walk up to an ATM machine to withdraw a bit of cash and observe that the card reader looks different. Thinking nothing of it, you insert the debit card, take the money and walk away. Little did you know that an identity thief planted a skimming device into the machine? Equipped with the details of your card, they now have all the information needed to produce thousands of fraudulent ATM cards and clean out your account. Some criminals will even go to the extend of creating fake ATM machines to trap their victims.

    How to Avoid Skimming

    Ø Keep an eye on suspicious individuals who may be present when using your credit or debit card
    Ø Never allow a credit or debit card to be swiped out of your view
    Ø Remain aware of unusual devices or card readers attached to an ATM machine
    Are you sure? This action cannot be undone.
    Cancel
  • Manish Goyal

    MemberAug 17, 2010

    Very nice ES

    Thanks for sharing with us
    I had never heard about this before
    Are you sure? This action cannot be undone.
    Cancel
  • crazyaddiction

    MemberAug 18, 2010

    my doubt is "as the machine recognises our card strip it should send a signal to the stored money part to bring the entered amount out"
    "dont u think it should send the same message every time for everyone" . if anyone come to know tat code,, hacking is sooo easy!!!
    this is just my guess !!
    Are you sure? This action cannot be undone.
    Cancel
  • moksh

    MemberSep 20, 2010

    when we use atm or debit card online most of the sites have kiddy security ..ie session is not properly ended
    these sites can be risky at times... for brute force attackers a boon
    obtain a card number , make a script where after every two attempts the attempt counter is resetted ( with an SQL injection)

    If site uses SSL ur screwd 😛
    Are you sure? This action cannot be undone.
    Cancel
  • rishi0922

    MemberSep 25, 2010

    In an artical i read about this presently going discussion...i like to share some of my views here ..

    I think everyone here is familier with the word called "HASH". A HASH is comparable to a person's fingerprint which is a unique identity of a person. Hash of any data is a fixed size fingerprint of that data. I f we have a hash of a piece of data say a password, it is not possible to get back to the original data.

    So let's take a example of ATM .....

    The security system takes the user's password and stores it in a hash of original numeric password. That hashing function derives the hash of a number by taking the average of pairs of numbers in the original password.
    So the password: 864159[password]
    Would become:737[hash]

    Derived as:
    (8+6)/2=7 (4+1)/2=2.5~3 (5+9)/2=7

    Now, while it is very easy and fast to calculate the HASH but its impossible to get back to the password from this hash.
    Since the HASH is much smaller than the password so it's possible that many password will share the same hash ..

    So, now we can say that it's very much secure in the ATM ...
    Are you sure? This action cannot be undone.
    Cancel
  • Reya

    MemberSep 25, 2010

    @rishi:This is quite interesting.if the hacker knows the hash of a piece of data he cannot find out the original data.In this way we can make sure of the security in ATM machines.
    Are you sure? This action cannot be undone.
    Cancel
  • rishi0922

    MemberSep 26, 2010

    The most popular hashing algorithm is MD% (Message-Digest algorithm 5) which always produces a hash of 128 bits. So for any input, whether is a 3-character string, or if it is a video file of few gb, the hash which MD% will produce will be just 128 bit long.
    Another popular hashing function SHA-1(secure hash algorithm) produces 160 nit hashes. SHA1 has been superseded by SHA2, which has four functions that produce hashes of 224 bit, 256 bit, 384 bit, or 512 bit.

    Torrent files use SHA1 hashes of each piece of content we are downloading........../
    Are you sure? This action cannot be undone.
    Cancel
  • Reya

    MemberSep 26, 2010

    @rishi Do the hackers use all the hashes(128,224,256,384,512) of a piece of content??
    Are you sure? This action cannot be undone.
    Cancel
  • rishi0922

    MemberSep 27, 2010

    I think hackers uses all the hash algorithms ...but i want someone to explain on this ...../
    Are you sure? This action cannot be undone.
    Cancel
Home Channels Search Login Register