If the thugs wanted to kill you it wouldn't matter what kind of money you did or did not have, so  you'd be toast even without an ATM card. The assumption here is that the thugs want money, not your life (not an unreasonable assumption among a sizeable percentage of thugs, if this weren't the case there'd be a death every time someone was mugged).

saidi

On Thu, Oct 8, 2009 at 1:10 AM, Rad! <conradakunga@gmail.com> wrote:
that's exactly my point. you cannot assume the thugs are unaware. ergo
no matter which pin you enter they might assume you're trying to con
them. how do you prove you're not? you could be stabbed or shot
needlessly.

On 10/8/09, saidimu apale <saidimu@gmail.com> wrote:
> The thugs have no way of telling you are lying since the system doesn't
> depend on the thugs being unaware of the system. They know you have 2 PINs
> but they can't tell which one is the real one, that is unless you have found
> an error in the logic presented.
> I don't think people have sufficiently understood wesley's idea. It is
> simple but is quite clever.
> The other ideas about having 2 accounts are impractical and prone to error
> (what if you mix up the balances of the 2 accounts and carry the wrong ATM
> card, the one with the greater balance?)
>
> saidi
>
> On Thu, Oct 8, 2009 at 12:54 AM, Rad! <conradakunga@gmail.com> wrote:
>
>>  the biggest flaw of all these suggestions is that thugs will be aware
>> of these measures and might kill you even if you put the real pin
>> first. this increases the risk for those who are cooperating. I don't
>> think its worth the risk. let the thugs be in no doubt the balance is
>> real. atm robbery is not a technical problem. it's social.
>>
>> On 10/7/09, Steve Obbayi <steve@sobbayi.com> wrote:
>> > How about this... you put in PIN2 and it shows 10% of actual balance.
>> > Thereafter if you try and put in PIN1 it will show the same balance that
>> > PIN2 showed minus any transactions. so from the point PIN2 is used until
>> > it is reset at the bank, PIN1 will base its fake balance on PIN2.
>> > therefore its going to be hard for the thief to determine. If at that
>> > point the thug asks for a mini statement, the System can throw an
>> > exception and blame it on network problems... better still all ATMs at
>> > the same location can also be triggered to go offline... this additional
>> > security behaviors can be kept secret from general public. and also
>> > protect other users that stumble on the robbery and fall victims
>> > themselves. So the longer the thugs are busy trying to use other ATMs in
>> > the same enclosure the cops will hopefully be there.
>> >
>> > Tech List Kenya wrote:
>> >> Just remembered, wat if thugs demand you generate a mini statement?
>> >> (gun to the head, remember). Wil the anti-theft system fake this also?
>> >>
>> >> On 10/7/09, Tech List Kenya <techlistkenya@gmail.com> wrote:
>> >>
>> >>> Gnod point @Tony. Maybe it can be done in such a way that:
>> >>> 1.  If Pin2 is entered first, from then on the pin1 bal is *always*
>> >>> less until it is reset from the banking hall.
>> >>>
>> >>> 2. If pin1 is entered first, tough luck to the customer.
>> >>>
>> >>> In other words, if put in succession, the 2nd bal wil be less hence
>> >>> thugs wont knw which is pin1 or 2.
>> >>>
>> >>> Weakness:
>> >>> If the thug threatens that ukiweka pin2 kwanza tutajua, I wouldn't
>> >>> risk proving him/them wrong
>> >>>
>> >>> On 10/7/09, Tony Likhanga <tlikhanga@gmail.com> wrote:
>> >>>
>> >>>>> I don't get how someone would know the second PIN is the real one.
>> >>>>> As
>> >>>>> far
>> >>>>> as they're concerned they will see 1K for the second time, which is
>> >>>>> what
>> >>>>> was
>> >>>>> shown when the distress PIN was used first. They don't know that 10K
>> is
>> >>>>> in
>> >>>>> the account.
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>> Wes,  I concur with Saidi. Picture this: what should be displayed if
>> >>>> I
>> >>>> feed
>> >>>> in the PINs in this order; REAL->DISTRESS?
>> >>>> As the thug, I'd simply be on the lookout for matching results.
>> >>>>
>> >>>>
>> >> _______________________________________________
>> >> Skunkworks mailing list
>> >> Skunkworks@lists.my.co.ke
>> >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> Other services @ http://my.co.ke
>> >> Other lists
>> >> -------------
>> >> Announce:
>> >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> >> Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> >> kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >>
>> >>
>> >
>> > --
>> >
>> > SKYPE: sobbayi
>> > US: +1 202 470 0525
>> > KE: +254 722 627 691
>> >
>> > _______________________________________________
>> > Skunkworks mailing list
>> > Skunkworks@lists.my.co.ke
>> > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> > Other services @ http://my.co.ke
>> > Other lists
>> > -------------
>> > Announce:
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> > Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> > kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>> >
>> _______________________________________________
>> Skunkworks mailing list
>> Skunkworks@lists.my.co.ke
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> Other services @ http://my.co.ke
>> Other lists
>> -------------
>> Announce:
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>>
>
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general