Tuesday, February 19, 2008

How are ATM PINs validated

It is interesting to understand how ATM PINs are validated.

The following components are involved in an ATM transaction:
  1. The ATM machine cash dispenser. This is the machine where you plonk your card, punch your PIN and pluck out the cash.
  2. The ATM server. This is the server that the ATM machine connects to behind the scenes. Your ATM card number and PIN are sent to this server, encrypted using a secret shared between the ATM machine and the ATM server. The ATM server verifies the PIN using a separate ATM PIN machine and performs the transaction by sending the request to your bank.
  3. The ATM PIN machine. This is the machine that the ATM server uses to verify your PIN.
  4. Your bank, which actually performs the transaction.



PIN generation process:
The ATM PIN is never stored in any of the systems. Instead, what is stored is an offset of the PIN. The process is described here in a very simple form; the actual mechanism is slightly more complicated, and you can read more about it in the references at the end.

First time PIN generation:
  • Imagine your card number is 4129123456784321.
  • There is a cryptographic function f and a key k so that
    f(4129123456784321, k) = 9876543212345678
  • The function f and key k are known to the ATM PIN machine.
  • The ATM PIN machine chooses a random PIN, let's say 1234.
  • Then the ATM PIN machine takes the first 4 characters of the encrypted number (9876), subtracts the PIN (1234), and stores the result (8642) in the ATM server. This is known as the PIN offset.
  • The ATM PIN machine prints 1234 into your PIN mailer using an attached printer.

Changing your PIN on an ATM:
  • Imagine your card number is 4129123456784321.
  • There is a cryptographic function f and a key k so that
    f(4129123456784321, k) = 9876543212345678
  • The function f and key k are known to the ATM PIN machine.
  • Let's say you choose your PIN as 1234.
  • Then the PIN changing system takes the first 4 characters of the encrypted number (9876), subtracts your chosen PIN (1234), and stores the result (8642) in the ATM server. This is known as the PIN offset.

If you look carefully, the ATM cash dispenser installation itself is a critical step. The key shared by the ATM cash dispenser needs to be installed in a secure manner. Also, it is possible for all of 1, 2 and 3 to be located in the ATM machine installation itself. In such a case, the key k needs to be entered securely in each ATM once it is installed. Such key setup on ATMs is done by splitting the key into two parts and having two different bank officers enter their portions of the key separately. The key storage and the encryption/decryption are done in a special tamper-proof module in the ATM cash dispenser.

PIN verification process:
  • You plonk your card into the ATM machine and punch the PIN.
  • The ATM machine encrypts the card number and PIN with a shared secret and sends them to the ATM server.
  • The ATM server decrypts your card number, picks up the PIN offset corresponding to your card from its database, and sends them along with your PIN to the PIN machine.
  • The PIN machine runs function f with key k to get the encrypted number, takes the first 4 digits, subtracts the offset from them and matches the result with your PIN. A match indicates a correct PIN.

Sometimes the PIN offset is encoded into the magnetic stripe of the card itself, but that is becoming rare, as the user cannot change the PIN in such a scenario.
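The PIN generation, PIN change and verification steps above, as an added Python sketch (not code from the original post or from any bank system). It assumes HMAC-SHA256 as a stand-in for the unspecified function f and a constructed key, and it goes slightly beyond the simplified description by subtracting digit by digit modulo 10, which gives the same 8642 for the numbers above and still yields a 4-digit offset when the PIN is larger than the first four digits.

```python
import hashlib
import hmac

CARD = "4129123456784321"      # card number used in the article
KEY = b"constructed-demo-key"  # constructed sample key k; the real k stays in the PIN machine
PIN_LEN = 4

def f(card_number: str, key: bytes) -> str:
    """Stand-in for the article's keyed function f (assumption: HMAC-SHA256
    reduced to 16 decimal digits; the article does not say what f is)."""
    digest = hmac.new(key, card_number.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(digest, "big") % 10**16).zfill(16)

def natural_pin(card_number: str, key: bytes) -> str:
    """First 4 digits of f(card, k), as in the article."""
    return f(card_number, key)[:PIN_LEN]

def is_pin(value: str) -> bool:
    return len(value) == PIN_LEN and value.isascii() and value.isdigit()

def sub_digits(a: str, b: str) -> str:
    """Digit-by-digit subtraction modulo 10, so the result is always 4 digits."""
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))

def make_offset(card_number: str, key: bytes, pin: str) -> str:
    """PIN issue or PIN change: only this offset is stored on the ATM server."""
    if not is_pin(pin):
        raise ValueError("PIN must be exactly 4 decimal digits")
    return sub_digits(natural_pin(card_number, key), pin)

def verify_pin(card_number: str, key: bytes, offset: str, entered: str) -> bool:
    """PIN machine check: natural PIN minus offset must equal the entered PIN."""
    if not (is_pin(entered) and is_pin(offset)):
        return False
    expected = sub_digits(natural_pin(card_number, key), offset)
    return hmac.compare_digest(expected, entered)  # constant-time comparison

if __name__ == "__main__":
    print(sub_digits("9876", "1234"))  # the article's numbers
    print(sub_digits("1234", "9876"))  # PIN larger than the natural PIN
    offset = make_offset(CARD, KEY, "1234")
    print(verify_pin(CARD, KEY, offset, "1234"), verify_pin(CARD, KEY, offset, "1235"))
    offset = make_offset(CARD, KEY, "9876")  # PIN change: only the stored offset changes
    print(verify_pin(CARD, KEY, offset, "9876"), verify_pin(CARD, KEY, offset, "1234"))
```

A PIN change rewrites only the stored offset; the card number and key k stay the same, and the old PIN stops verifying.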

If you use your ATM card at a different bank's ATM, PIN verification happens in the following manner:
  • The acquiring bank's ATM cash dispenser recognizes that this card was not issued by its bank.
  • The acquiring bank's ATM cash dispenser encrypts the PIN and the card number and sends them to its ATM server.
  • The acquiring bank's ATM server decrypts the information and recognizes that this card was not issued by its bank.
  • The acquiring bank's ATM server encrypts the information with a key shared between itself and the issuing bank and sends the PIN validation request to the issuing bank.
  • The issuing bank decrypts the information, does the PIN validation and responds to the acquiring bank with the result.
(This is a simplified explanation of cross-bank PIN verification. Tapesh's comment on this post explains this much more lucidly and in more detail, particularly the role of card networks. Please refer to the comments section at the end of this post. I'm also replicating it partly below.

...
the acquiring bank cannot keep shared secret of each and every issuing bank in the world.

If an Off-us card is presented for PIN validation, acquiring bank encrypts it with shared secret of VISA/MC depending upon the BIN range (first 6 digits of the card number) and then VISA/MC decrypts it at their end.

These card associations exactly know that a particular BIN range belongs to which bank and accordingly they use the respective shared secret of that issuing bank for encrypting it further.

Now, the PIN is decrypted at the issuing bank who has its offset stored in its database and can re-generate the PIN using the offset, card number and few secret keys.

This newly generated PIN is validated against the PIN which has traveled through acquiring host to VISA/MC host to issuing bank...)


References:
http://www.paladion.net/papers/ATM_Pin_Security.pdf
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-641.pdf
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-560.pdf
http://wiretap.area.com/Gopher/Library/Untech/atm.txt

10 comments:

Gopi said...

Hi tan,
You've got a lot of useful information here.

I would like to clear something up, and would appreciate if you can shed some light on this:

I always thought that when a user enters his/her PIN, the ATM will first validate the PIN and then prompt the user to the main menu (if validation is successful) or send an error notification (wrong PIN).

However, I've heard from a friend that PIN is not validated instantly, and if you enter the wrong PIN, the ATM will still prompt the user to the main menu screen. It's during this process that the ATM server is validating the PIN and if validation is not successful, the ATM will only warn you when you choose a transaction.

Which scenario is the accurate one?

tan said...

Hi Gopi,
Coming to think about the second scenario, won't it be a blunder on the ATM's part just to warn and not prevent the transaction? Then the PIN won't be of any purpose at all, would it?

There may be older models of ATM that validate PIN against the stored hash, but they are becoming rare nowadays.

Some ATMs may also allow you to operate in offline risk limited mode when they are not connected to the servers, and let you withdraw limited cash. But I think connectivity is pretty fail safe nowadays.

Fede said...

Hi,

I would like to know if those ATM PINs are stored at each Issuing Bank or at a centralized Server that belongs to the ATM Network.
Are the PINs issued by the banks? Or are they issued by each network?

Thanks!
Federic

Tapesh said...

Hi Tan,

Maybe you would like to replace the word issuing bank with the card association (VISA / Mastercard) as the acquiring bank cannot keep shared secret of each and every issuing bank in the world.

If an Off-us card is presented for PIN validation, acquiring bank encrypts it with shared secret of VISA/MC depending upon the BIN range (first 6 digits of the card number) and then VISA/MC decrypts it at their end.

These card associations exactly know that a particular BIN range belongs to which bank and accordingly they use the respective shared secret of that issuing bank for encrypting it further.

Now, the PIN is decrypted at the issuing bank who has its offset stored in its database and can re-generate the PIN using the offset, card number and few secret keys.

This newly generated PIN is validated against the PIN which has travelled through acquiring host to VISA/MC host to issuing bank (as you said).

thanks,
Tapesh

tan said...

Hi Tapesh,
Thanks for explaining it much more clearly. I added a note in the entry pointing to your comment.
Thanks,
Tan.

Anonymous said...

The pins are stored at the ATM server (actually called the Issuer Switch) of the bank that issued the card to you. That is the bank at which you normally have your account.

The ATM that you use for withdrawing your money is only gathering information from you in a secured manner, and passing it on to the issuer switch. There is a fair amount of encryption happening at the ATM and then at the Switch of the ATM bank, followed by a reverse (decryption) at the Issuer switch. If the calculated PIN (actually, PIN offset) matches the stored PIN (offset), the transaction is allowed.

As to why the PIN is not checked / verified at the ATM - there are a couple of reasons. First of all, the ATM acts as a fairly dumb device, and does not keep the PIN / Offset data. This is maintained at the central server, because it cannot be maintained at all the ATMs. What if the customer changed the PIN? If it were to be stored at all the ATMs, then it will have to be changed at all the ATMs. What if something went wrong (network failure etc.) during some of these updates? There would be chaos. Besides, how much data can each ATM store? So this (storing all PINs at all ATMs) is not practical. Therefore, PINs / offsets are stored at the central server. This is also the same reason why each bank does not store the PINs of all the (other bank) customers it supports.

As for doing pin verification after asking all the information - well, this is primarily to reduce the number of trips to the central database.

Hope I have clarified some of the doubts.

Chetan

Anonymous said...

I am actually wondering how One Time Passwords could fit into the whole story. Today, lots of banks use One Time Passwords [OTPs] for a higher security in their channels like IVR, E-banking and M-banking. The use of these OTPs could reduce the fraud on skimming and card trapping. But how would this fit in the current process?

Anonymous said...

I was wondering how the One Time Passwords would fit into this ATM validation process. Today, a lot of banks use One Time Passwords to prevent fraud in the different channels being used [IVR, M-banking, E-banking]. OTPs would reduce the impact of card skimming and card trapping as well. But would it be possible to get an OTP being validated with the process described and integrated today?

Quincy said...

Hi

I wonder if the PIN offset method by subtracting the chosen digits from the first 4 characters still exists up till now; otherwise all institutions should enhance their security measures in order to prevent further damages to customers.
Urgent responses to this question will be appreciated.

Quincy.
