I think Rad's reasoning is that the thugs wil have a reason to believe you are lying irrespective of what pin u put first. And how they react to that may not be pleasant. Another way would be for bank systems to implement time-specific Atm withdrawal limits. Then u as the customer can dictate a limit amount that can be withdrawn from 6pm to 6am, for instance. So even if you become a target, you don't lose all and the thugs have no reason to be veery mad. You will get away with a few slaps On 10/8/09, saidimu apale <saidimu@gmail.com> wrote:
If the thugs wanted to kill you it wouldn't matter what kind of money you did or did not have, so you'd be toast even without an ATM card. The assumption here is that the thugs want money, not your life (not an unreasonable assumption among a sizeable percentage of thugs, if this weren't the case there'd be a death every time someone was mugged). saidi
On Thu, Oct 8, 2009 at 1:10 AM, Rad! <conradakunga@gmail.com> wrote:
that's exactly my point. you cannot assume the thugs are unaware. ergo no matter which pin you enter they might assume you're trying to con them. how do you prove you're not? you could be stabbed or shot needlessly.
On 10/8/09, saidimu apale <saidimu@gmail.com> wrote:
The thugs have no way of telling you are lying since the system doesn't depend on the thugs being unaware of the system. They know you have 2 PINs but they can't tell which one is the real one, that is unless you have found an error in the logic presented. I don't think people have sufficiently understood wesley's idea. It is simple but is quite clever. The other ideas about having 2 accounts are impractical and prone to error (what if you mix up the balances of the 2 accounts and carry the wrong ATM card, the one with the greater balance?)
saidi
On Thu, Oct 8, 2009 at 12:54 AM, Rad! <conradakunga@gmail.com> wrote:
the biggest flaw of all these suggestions is that thugs will be aware of these measures and might kill you even if you put the real pin first. this increases the risk for those who are cooperating. I don't think its worth the risk. let the thugs be in no doubt the balance is real. atm robbery is not a technical problem. it's social.
On 10/7/09, Steve Obbayi <steve@sobbayi.com> wrote:
How about this... you put in PIN2 and it shows 10% of actual balance. Thereafter if you try and put in PIN1 it will show the same balance that PIN2 showed minus any transactions. so from the point PIN2 is used until it is reset at the bank, PIN1 will base its fake balance on PIN2. therefore its going to be hard for the thief to determine. If at that point the thug asks for a mini statement, the System can throw an exception and blame it on network problems... better still all ATMs at the same location can also be triggered to go offline... this additional security behaviors can be kept secret from general public. and also protect other users that stumble on the robbery and fall victims themselves. So the longer the thugs are busy trying to use other ATMs in the same enclosure the cops will hopefully be there.
Tech List Kenya wrote:
Just remembered, wat if thugs demand you generate a mini statement? (gun to the head, remember). Wil the anti-theft system fake this also?
On 10/7/09, Tech List Kenya <techlistkenya@gmail.com> wrote:
> Gnod point @Tony. Maybe it can be done in such a way that: > 1. If Pin2 is entered first, from then on the pin1 bal is *always* > less until it is reset from the banking hall. > > 2. If pin1 is entered first, tough luck to the customer. > > In other words, if put in succession, the 2nd bal wil be less hence > thugs wont knw which is pin1 or 2. > > Weakness: > If the thug threatens that ukiweka pin2 kwanza tutajua, I wouldn't > risk proving him/them wrong > > On 10/7/09, Tony Likhanga <tlikhanga@gmail.com> wrote: > >>> I don't get how someone would know the second PIN is the real >>> one. >>> As >>> far >>> as they're concerned they will see 1K for the second time, which is >>> what >>> was >>> shown when the distress PIN was used first. They don't know that 10K is >>> in >>> the account. >>> >>> >>> >> Wes, I concur with Saidi. Picture this: what should be displayed if >> I >> feed >> in the PINs in this order; REAL->DISTRESS? >> As the thug, I'd simply be on the lookout for matching results. >> >> _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
SKYPE: sobbayi US: +1 202 470 0525 KE: +254 722 627 691
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general