Hey Saidi, you took the words from my mouth (actually my fingertips). I don't think the idea has been understood. That's why I haven't responded to most of the responses coz it will take me a whole day to break this down.
 
However I appreciate the input, it got me thinking of one or two things that can go wrong, but can still be solved if there is will.
 
8~)
 


--- On Thu, 10/8/09, saidimu apale <saidimu@gmail.com> wrote:

From: saidimu apale <saidimu@gmail.com>
Subject: Re: [Skunkworks] Guardin against ATM thefts
To: "Skunkworks Forum" <skunkworks@lists.my.co.ke>
Date: Thursday, October 8, 2009, 8:02 AM

The thugs have no way of telling you are lying since the system doesn't depend on the thugs being unaware of the system. They know you have 2 PINs but they can't tell which one is the real one, that is unless you have found an error in the logic presented.

I don't think people have sufficiently understood wesley's idea. It is simple but is quite clever.
The other ideas about having 2 accounts are impractical and prone to error (what if you mix up the balances of the 2 accounts and carry the wrong ATM card, the one with the greater balance?)

saidi

On Thu, Oct 8, 2009 at 12:54 AM, Rad! <conradakunga@gmail.com> wrote:
 the biggest flaw of all these suggestions is that thugs will be aware
of these measures and might kill you even if you put the real pin
first. this increases the risk for those who are cooperating. I don't
think its worth the risk. let the thugs be in no doubt the balance is
real. atm robbery is not a technical problem. it's social.

On 10/7/09, Steve Obbayi <steve@sobbayi.com> wrote:
> How about this... you put in PIN2 and it shows 10% of actual balance.
> Thereafter if you try and put in PIN1 it will show the same balance that
> PIN2 showed minus any transactions. so from the point PIN2 is used until
> it is reset at the bank, PIN1 will base its fake balance on PIN2.
> therefore its going to be hard for the thief to determine. If at that
> point the thug asks for a mini statement, the System can throw an
> exception and blame it on network problems... better still all ATMs at
> the same location can also be triggered to go offline... this additional
> security behaviors can be kept secret from general public. and also
> protect other users that stumble on the robbery and fall victims
> themselves. So the longer the thugs are busy trying to use other ATMs in
> the same enclosure the cops will hopefully be there.
>
> Tech List Kenya wrote:
>> Just remembered, wat if thugs demand you generate a mini statement?
>> (gun to the head, remember). Wil the anti-theft system fake this also?
>>
>> On 10/7/09, Tech List Kenya <techlistkenya@gmail.com> wrote:
>>
>>> Gnod point @Tony. Maybe it can be done in such a way that:
>>> 1.  If Pin2 is entered first, from then on the pin1 bal is *always*
>>> less until it is reset from the banking hall.
>>>
>>> 2. If pin1 is entered first, tough luck to the customer.
>>>
>>> In other words, if put in succession, the 2nd bal wil be less hence
>>> thugs wont knw which is pin1 or 2.
>>>
>>> Weakness:
>>> If the thug threatens that ukiweka pin2 kwanza tutajua, I wouldn't
>>> risk proving him/them wrong
>>>
>>> On 10/7/09, Tony Likhanga <tlikhanga@gmail.com> wrote:
>>>
>>>>> I don't get how someone would know the second PIN is the real one. As
>>>>> far
>>>>> as they're concerned they will see 1K for the second time, which is
>>>>> what
>>>>> was
>>>>> shown when the distress PIN was used first. They don't know that 10K is
>>>>> in
>>>>> the account.
>>>>>
>>>>>
>>>>>
>>>> Wes,  I concur with Saidi. Picture this: what should be displayed if I
>>>> feed
>>>> in the PINs in this order; REAL->DISTRESS?
>>>> As the thug, I'd simply be on the lookout for matching results.
>>>>
>>>>
>> _______________________________________________
>> Skunkworks mailing list
>> Skunkworks@lists.my.co.ke
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> Other services @ http://my.co.ke
>> Other lists
>> -------------
>> Announce:
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
>> Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
>> kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>>
>>
>
> --
>
> SKYPE: sobbayi
> US: +1 202 470 0525
> KE: +254 722 627 691
>
> _______________________________________________
> Skunkworks mailing list
> Skunkworks@lists.my.co.ke
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> Other services @ http://my.co.ke
> Other lists
> -------------
> Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
> Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
> kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
>
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general


-----Inline Attachment Follows-----

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general