http://msmvps.com/blogs/sp/archive/2007/04/16/crack-the-pin.aspxSecurity of PINs (Personal Identification Numbers) that are used in your debit and credit cards is an interesting topic. Behind the scenes, the way PINs handled evolved together with science, technology, and business. And secure operation was always numberenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/sp/archive/2007/04/16/crack-the-pin.aspx#841012Fri, 20 Apr 2007 00:55:50 GMTd67277c4-116b-43f1-b688-e9ef184ea916:841012Slav<p>Ken, the issue is that fraud monitoring systems are implemented at the issuer bank, but PIN validation is sometimes done by Visa/Mastercard (esp. for smaller banks and credit unions) - before transaction is sent to the issuer. The fraud monitoring system will flag your card and account if you make purchase in Sydney and Istanbul within a hour; but not necessarily if you try to validate PIN.</p> <p>And then there are integration issues: the fraud monitoring system may not automatically put the card on the stop-list.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=841012" width="1" height="1">http://msmvps.com/blogs/sp/archive/2007/04/16/crack-the-pin.aspx#837390Thu, 19 Apr 2007 13:32:17 GMTd67277c4-116b-43f1-b688-e9ef184ea916:837390Ken Schaefer<p>Hi Slav,</p> <p>You probably know more about this than me (since you work for a bank), but I remember reading in Bruce Schneier's &quot;Secrets and Lies&quot; book that bank ATM networks are able to detect the use of the same card across multiple ATM machines (basically to prevent someone &quot;skimming&quot; a card and then using a cloned card at a nearby ATM). In that case, a bank's ATM netwok would be able to detect the near simultaneous use of the same card across multiple ATMs, especially in a geographically dispered manner.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=837390" width="1" height="1">