Simon, wesley's point is that you wouldn't know which was PIN1 and which was PIN2. And if the system was implemented well you would never know. So it wouldn't matter if the thugs knew such a system was in place, they still wouldn't be able to beat it.

On Wed, Oct 7, 2009 at 2:42 AM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Guys,

Remember, thugs have bank accounts too.. OK, I guess most do, and so they would know about the two-PIN thing. So if I am a thug and we went to your ATM together, once you entered your PIN and it showed like Sh. 350/- only, I wouldn't get disapointed and go home but instead, I would ask you to enter your PIN 2 or else I pluck out your teeth... :-S


Me.

2009/10/7 saidimu apale <saidimu@gmail.com>

Very interesting idea.

This will only work if both PINs never show the same amount (regardless of the order in which they were used), otherwise someone can figure out whether you fooled them by using the distress PIN, in which case they'll just shoot you.

Here's why:

- Let's say the distress balance is set at 10% of the real balance. For a real balance of 10K, the distress balance is 1K.
- if I use the distress PIN first, I'll only see a balance of 1K (the distress balance), as opposed to the real balance of 10K (according to Wesley's idea).
- if I then immediately use the real PIN (without withdrawing), it should *not* also show me 1K. If it does, someone will then know that this second PIN is the real one. Another sum, not the real balance, should be shown. Perhaps 10% of the distress PIN (it wouldn't make sense to show a balance greater than or equal to the distress PIN).

If the balances shown are ever the same (real balance = distress balance) then one can deduce the real PIN simply by swapping the PINs without withdrawing anything.

saidi

On Wed, Oct 7, 2009 at 1:57 AM, wesley kirinya <kiriinya2000@yahoo.com> wrote:
I believe many of us have heard of someone who was forced by thugs to go to an ATM and withdraw cash.
 
So an idea popped. Why can't banks issue atleast 2 PINs per ATM card. If a person is forced to withdraw cash then they can use the second (distress) PIN. This PIN will let the system display that the person only has a fraction of the amount in his/her account. Once that PIN has been used, using the first PIN will not display the correct amount in the account until the person visits one of the bank's branch.
 
This way thugs only get a fraction of the original amount. Thugs would know that a person has 2 PINs but it's a 50/50 gamble on whether they will use the right PIN. Thugs may force the person to give up his/her 2 PINs. If they use the second PIN there is no way of knowing the true amount in the person's account even if they used the first PIN. If they used the first PIN before the second PIN then it's a lucky day for the thugs.
 
Whether use of the second PIN should generate a distress call is another issue. Atleast the above offers some way of protection for bank customers. Thugs will get away with some of the money but not as much as they could have gotten away with.
 
o_O!

 




_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general



--
שִׁמְעוֹן

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general