From: Scottauge@aol.com
Date: Tue, 26 Nov 1996 11:15:32 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: [CRYPTO] Bank Cards, Interac, Bank Machines, etc
Message-ID: <961126141446_1586812475@emout02.mail.aol.com>
MIME-Version: 1.0
Content-Type: text/plain


In a message dated 96-11-25 22:17:41 EST, you write:

> I also heard that the magnetic stripe on the back contains your card
>  number (the shiny metallized numbers on the front) encrypted using DES
>  using your PIN as the key.  Way out to lunch?  Too close for comfort?

This seems to be pretty unlikely, cuz I changed my PIN and was still able to
use the same card.  This means:

1) They can write to a card (pretty unlikely - but not ruling it out - jus
don't know)

2) There are more PINs to a card than one (pretty unlikely cuz I chose my
number)

What I suspect is:

Obtain card number
Obtain PIN
Send both to computer controlling transactions
This computer inputs both to an algorithm that says Yea or Nay to continuing
(like the numbers point to a valid check/credit/savings account or GL
account)...

Perform transaction (data likely encrypted the same way back and forth for
defeating listening devices)....

There may be a hash to the account, the result is not an account number, or
some huge look-up database is in play matching PINs to card numbers to
accounts.