-
Thread moved to CE Labs. Let's have various ideas on ATM security.
In my opinion, 4 Digit code isn't easy to crack unless it is really easy to guess.
-
By using a brute-force attack, one can easily crack a 4-digit password within 30 sec.
-
An ATM card is blocked after 3 successive wrong attempts on an ATM machine. Moreover, in the case of an online transaction, the transaction takes other parameters like card no., date of issue, and name of card holder. So all these parameters are responsible for the security. Also, all these transactions are carried over a very secure line.
-
@vik can an ATM machine be programmed to change its usual behavior?
-
The usual ATM machines are equipped with a camera; tweaking with an ATM machine can easily be caught!
-
If there is no camera, then?
Just curious to know:
can it be programmed? I don't wanna know how.
-
Use of Smartcard and Fingerprint can make this system more Secure.
-
godfather wrote: "Use of Smartcard and Fingerprint can make this system more Secure."
In case you haven't watched the movie "National Treasure", in which Nicolas Cage easily gets the fingerprint of the actress on a rubbery-plastic material, wears it on his thumb, and gets access by passing through a fingerprint key code!!
Fingerprint is also not quite safe anymore, I think! 😉
-
I have recently read an article which talked about security in ATMs.
We can place a small magnetic strip in the ATM where we can get all details! After getting the details, one can make many cards using the data they get; this is called skimming.
I am pasting an email which I got on this.
Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The thief can procure a victim's credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims' credit card numbers.
Skimming is one of the most widely used methods to commit credit card fraud and #-Link-Snipped-#. This malicious practice costs consumers and credit card companies more than $12 billion per year, a serious problem that continues to evolve.
To truly help you understand the dangers of skimming, here are a few examples of how it may happen:
Skimming in your waiter's jacket
You kindly hand over your credit or debit card to a friendly waiter in a restaurant. Before taking the card to the official processing terminal, the waiter swipes it through the small magnetic card reader in their jacket pocket. By the end of the night, that friendly waiter downloads the information on your card in its entirety, shipping it to an underground distribution center for the manufacturing of a fraudulent card. After this card has been produced, it is almost impossible to distinguish it from the real one.
That cell phone is stealing your identity
Skimming is made simple by way of technology that lacks embedded encryption. This may be the case for a cell phone with Javascript capability that is attached to a credit card reader. For instance, someone delivering packages can use their Java-enabled phone to operate alongside an official credit card reader installed by the employer. When configured properly, this type of application can transmit the credit card information to servers overseas. From there, the data is used to make thousands of fraudulent credit cards. In a scenario such as this, the delivery person is usually given a cut for their skimming ability and the amount of numbers provided.
Think twice about swiping twice
Several identity thieves have used the act of skimming in mobile environments as well. Let's say that a delivery person activates their application while en route to a consumer's door. As a matter of routine, the consumer hands the card over, allowing the delivery person to swipe it through the terminal. The skimming application prompts a message stating that there was an error reading the card. The consumer thinks nothing of it when asked to swipe the card again. The truth is that the first swipe actually reads clear and is instantly transmitted to an illegal server. The second swipe runs through the correct application, carrying out a legitimate transaction. The delivery person walks away with a smile as the consumer has no clue of what just occurred.
An askew ATM machine
Imagine this: you walk up to an ATM machine to withdraw a bit of cash and observe that the card reader looks different. Thinking nothing of it, you insert the debit card, take the money and walk away. Little did you know that an identity thief planted a skimming device into the machine. Equipped with the details of your card, they now have all the information needed to produce thousands of fraudulent ATM cards and clean out your account. Some criminals will even go to the extent of creating fake ATM machines to trap their victims.
How to Avoid Skimming
* Keep an eye on suspicious individuals who may be present when using your credit or debit card
* Never allow a credit or debit card to be swiped out of your view
* Remain aware of unusual devices or card readers attached to an ATM machine
-
Very nice ES
Thanks for sharing with us
I had never heard about this before
-
My doubt is: "as the machine recognises our card strip, it should send a signal to the stored money part to bring the entered amount out".
"Don't you think it should send the same message every time for everyone?" If anyone comes to know that code, hacking is so easy!!!
This is just my guess!!
-
moksh • Member • Sep 20, 2010
When we use an ATM or debit card online, most of the sites have kiddy security, i.e. the session is not properly ended.
These sites can be risky at times... for brute-force attackers a boon:
obtain a card number, make a script where after every two attempts the attempt counter is reset (with an SQL injection).
If the site uses SSL you're screwed 😛
-
In an article I read about this presently ongoing discussion... I like to share some of my views here.
I think everyone here is familiar with the word "HASH". A HASH is comparable to a person's fingerprint, which is a unique identity of a person. The hash of any data is a fixed-size fingerprint of that data. If we have a hash of a piece of data, say a password, it is not possible to get back to the original data.
So let's take an example of an ATM...
The security system takes the user's password and stores it as a hash of the original numeric password. That hashing function derives the hash of a number by taking the average of pairs of numbers in the original password.
So the password: 864159 [password]
Would become: 737 [hash]
Derived as:
(8+6)/2 = 7, (4+1)/2 = 2.5 ~ 3, (5+9)/2 = 7
Now, while it is very easy and fast to calculate the HASH, it's impossible to get back to the password from this hash.
Since the HASH is much smaller than the password, it's possible that many passwords will share the same hash.
So, now we can say that it's very much secure in the ATM ...
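Added example, not part of any post in this thread: the pair-averaging scheme from the post above written out in Python, with halves rounded up to match its 2.5 ~ 3 step, and a count of how many passwords share one hash value. The function names are chosen here for illustration.

```python
from itertools import islice, product
from math import prod

def pair_average_hash(password: str) -> str:
    """Toy scheme from the post: average each pair of digits, rounding .5 up."""
    if not (password.isascii() and password.isdigit()) or len(password) % 2:
        raise ValueError("expected an even-length string of digits")
    d = [int(c) for c in password]
    # (a + b + 1) // 2 rounds halves up (2.5 -> 3) as the post does;
    # Python's round(2.5) would give 2 (round-half-to-even).
    return "".join(str((a + b + 1) // 2) for a, b in zip(d[::2], d[1::2]))

def pairs_by_output() -> dict[str, list[str]]:
    """Map each output digit to every two-digit pair that averages to it."""
    table: dict[str, list[str]] = {str(k): [] for k in range(10)}
    for a, b in product(range(10), repeat=2):
        table[str((a + b + 1) // 2)].append(f"{a}{b}")
    return table

def preimage_count(hash_value: str) -> int:
    """Number of passwords that produce hash_value (pairs are independent)."""
    table = pairs_by_output()
    return prod(len(table[ch]) for ch in hash_value)

def colliding_passwords(hash_value: str, limit: int = 5) -> list[str]:
    """First `limit` passwords, in lexicographic order, hashing to hash_value."""
    table = pairs_by_output()
    combos = product(*(table[ch] for ch in hash_value))
    return ["".join(c) for c in islice(combos, limit)]

if __name__ == "__main__":
    print(pair_average_hash("864159"))   # the post's own password
    print(preimage_count("737"))         # passwords sharing its hash
    print(colliding_passwords("737"))    # a few of them
```

For the post's value 737, 1573 of the 1,000,000 six-digit passwords produce the same result, so a check against the stored value alone would pass for any of them.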
-
Reya • Member • Sep 25, 2010
@rishi: This is quite interesting. If the hacker knows the hash of a piece of data, he cannot find out the original data. In this way we can make sure of the security in ATM machines.
-
The most popular hashing algorithm is MD5 (Message-Digest algorithm 5), which always produces a hash of 128 bits. So for any input, whether it is a 3-character string or a video file of a few GB, the hash which MD5 will produce will be just 128 bits long.
Another popular hashing function, SHA-1 (Secure Hash Algorithm), produces 160-bit hashes. SHA-1 has been superseded by SHA-2, which has four functions that produce hashes of 224 bits, 256 bits, 384 bits, or 512 bits.
Torrent files use SHA-1 hashes of each piece of content we are downloading...
-
Reya • Member • Sep 26, 2010
@rishi Do the hackers use all the hashes (128, 224, 256, 384, 512) of a piece of content??
-
I think hackers use all the hash algorithms... but I want someone to explain this...