security of ATM in banks

In ATM the only way of security is secret code which is only of 4 digits or 5 digits (don't know about other states)

This 4 digit code is not a big thing for a hacker to crack

what do you think ?Is it really secure?

Do you have any idea regarding security of ATM machines?

Replies

  • Kaustubh Katdare
    Kaustubh Katdare
    Thread moved to CE Labs. Let's have various ideas on ATM security.

    In my opinion, 4 Digit code isn't easy to crack unless it is really easy to guess.
  • Manish Goyal
    Manish Goyal
    By using bruteforce attack one can easily crack password of 4 digit within 30 sec
  • vik001ind
    vik001ind
    atm card is blocked after 3 successive wrong attempts on a atm machine. Moreover in case online transaction the transaction takes other parameters like card no., date of issue, & name of card holder. So all parameters are responsible for the security. Also all these transaction is carried over a very secure line.
  • Manish Goyal
    Manish Goyal
    @vik can ATM machine be programmed to change its usual behavior?
  • vik001ind
    vik001ind
    Usual ATM machines are equipped with camera, tweaking with ATM machine can easily be caught!
  • Manish Goyal
    Manish Goyal
    If no camera then

    Just curious to know

    can it be programmed?I don't wanna know how?
  • Harshad Italiya
    Harshad Italiya
    Use of Smartcard and Fingerprint can make this system more Secure.
  • limestone7000
    limestone7000
    godfather
    Use of Smartcard and Fingerprint can make this system more Secure.
    In case u haven't watched the movie "National Treasure", in which Nicholas Cage easily gets the finger print of the actress on a rubbery-plastic material, wears it on his thumb, and gets the access passing through a finger-print key code!!

    finger print is also not quite safe anymore, i think!😉
  • Saandeep Sreerambatla
    Saandeep Sreerambatla
    I have recently read an article which said about the security in ATM.
    We can place a small magnetic strip in the ATM where we can get all details! after getting details one can make many cards using the data they get this is called Skimming.
    I am pasting an email which I have got on this.



    Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The thief can procure a victim̢۪s credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims̢۪ credit card numbers

    Skimming is one of the most widely used methods to commit credit card fraud and #-Link-Snipped-#. This malicious practice costs consumers and credit card companies more than $12 billion per year, a serious problem that continues to evolve.

    To truly help you understand the dangers of skimming, Here are few example of how it may happen:

    Skimming in your waiter's jacket
    You kindly hand over your credit or debit card to a friendly waiter in a restaurant. Before taking the card to the official processing terminal, the waiter swipes it through the small magnetic card reader in their jacket pocket. By the end of the night, that friendly waiter downloads the information on your card in its entirety, shipping it to an underground distribution center for the manufacturing of a fraudulent card. After this card has been produced, it is almost impossible to distinguish it from the real one.

    That cell phone is stealing your identity
    Skimming is made simple by way of technology that lacks embedded encryption. This may be the case for a cell phone with Javascript capability that is attached to a credit card reader. For instance, someone delivering packages can use their Java enabled phone to operate alongside an official credit card reader installed by the employer. When configured properly, this type of application can transmit the credit card information to servers overseas. From there, the data is used to make thousands of fraudulent credit cards. In a scenario such as this, the delivery person is usually given a cut for their skimming ability and the amount of numbers provided.

    Think twice about swiping twice
    Several identity thieves have used the act of skimming in mobile environments as well. Let's say that a delivery person activates their application while in route to a consumer's door. Upon routine, the consumer hands the card over, allowing the delivery person to swipe it through the terminal. The skimming application prompts a message stating that there was an error reading the card. The consumer thinks nothing of it when asked to swipe the card again. The truth is that the first swipe actually reads clear and is instantly transmitted to an illegal server. The second swipe runs through the correct application, carrying out a legitimate transaction. The delivery person walks away with a smile as the consumer has no clue of what just occurred.

    An askew ATM machine
    Imagine this: you walk up to an ATM machine to withdraw a bit of cash and observe that the card reader looks different. Thinking nothing of it, you insert the debit card, take the money and walk away. Little did you know that an identity thief planted a skimming device into the machine? Equipped with the details of your card, they now have all the information needed to produce thousands of fraudulent ATM cards and clean out your account. Some criminals will even go to the extend of creating fake ATM machines to trap their victims.

    How to Avoid Skimming

    Ø Keep an eye on suspicious individuals who may be present when using your credit or debit card
    Ø Never allow a credit or debit card to be swiped out of your view
    Ø Remain aware of unusual devices or card readers attached to an ATM machine
  • Manish Goyal
    Manish Goyal
    Very nice ES

    Thanks for sharing with us
    I had never heard about this before
  • crazyaddiction
    crazyaddiction
    my doubt is "as the machine recognises our card strip it should send a signal to the stored money part to bring the entered amount out"
    "dont u think it should send the same message every time for everyone" . if anyone come to know tat code,, hacking is sooo easy!!!
    this is just my guess !!
  • moksh
    moksh
    when we use atm or debit card online most of the sites have kiddy security ..ie session is not properly ended
    these sites can be risky at times... for brute force attackers a boon
    obtain a card number , make a script where after every two attempts the attempt counter is resetted ( with an SQL injection)

    If site uses SSL ur screwd 😛
  • rishi0922
    rishi0922
    In an artical i read about this presently going discussion...i like to share some of my views here ..

    I think everyone here is familier with the word called "HASH". A HASH is comparable to a person's fingerprint which is a unique identity of a person. Hash of any data is a fixed size fingerprint of that data. I f we have a hash of a piece of data say a password, it is not possible to get back to the original data.

    So let's take a example of ATM .....

    The security system takes the user's password and stores it in a hash of original numeric password. That hashing function derives the hash of a number by taking the average of pairs of numbers in the original password.
    So the password: 864159[password]
    Would become:737[hash]

    Derived as:
    (8+6)/2=7 (4+1)/2=2.5~3 (5+9)/2=7

    Now, while it is very easy and fast to calculate the HASH but its impossible to get back to the password from this hash.
    Since the HASH is much smaller than the password so it's possible that many password will share the same hash ..

    So, now we can say that it's very much secure in the ATM ...
  • Reya
    Reya
    @rishi:This is quite interesting.if the hacker knows the hash of a piece of data he cannot find out the original data.In this way we can make sure of the security in ATM machines.
  • rishi0922
    rishi0922
    The most popular hashing algorithm is MD% (Message-Digest algorithm 5) which always produces a hash of 128 bits. So for any input, whether is a 3-character string, or if it is a video file of few gb, the hash which MD% will produce will be just 128 bit long.
    Another popular hashing function SHA-1(secure hash algorithm) produces 160 nit hashes. SHA1 has been superseded by SHA2, which has four functions that produce hashes of 224 bit, 256 bit, 384 bit, or 512 bit.

    Torrent files use SHA1 hashes of each piece of content we are downloading........../
  • Reya
    Reya
    @rishi Do the hackers use all the hashes(128,224,256,384,512) of a piece of content??
  • rishi0922
    rishi0922
    I think hackers uses all the hash algorithms ...but i want someone to explain on this ...../

You are reading an archived discussion.

Related Posts

Hello there, how are you =) i had a thought if making a digital speed-o-meter out of my bike's analog speed-o-meter with LCD interfacing. So, can any one tell me...
Ladies/Fellas You've got to cut us some slack here. We want to help but you are making it very difficult. Some of the questions that are asked are simply impossible...
Flummox : Meaning : to bewilder, confuse Usage : After boarding the bus, I was flummoxed to find that I did not have enough money for the ticket. Syn :...
What are the jobs that we can get after completing MBA in Banking and Finance, which Sikkim Manipal University has newly started.
It's very unlikely that a frequent internet user had never stumbled into Wikipedia. Its an idea which has accelerated & revolutionized the information sharing between people. It's very much similar...