Banc of America Article
Joel Baker
lucifer at lightbearer.com
Wed Jan 29 19:26:26 UTC 2003
On Wed, Jan 29, 2003 at 01:19:08PM -0500, Charles Sprickman wrote:
>
> On Wed, 29 Jan 2003, Al Rowland wrote:
>
> > Or,
> >
> > IIRC, the ATM system is similar to CC transactions. A best effort is
> > made to authorize against your account (Credit Card or Banking) but if
> > it fails and the transaction is within a normal range (your daily card
> > limit) the CC/ATM completes the transaction.
>
> So you're telling me that if I go to Kwik-E-Mart, cut the wires, put my
> card with a $0 balance in it will happily let me withdraw money? Somehow
> that doesn't sound right. How would it know my PIN, or would it assume I
> entered it correctly? How would it know my daily card limit?
Disclaimer: while I did work for a company that was (or would have been)
involved with CC transactions, I have never actually worked with CC
auth mechanisms; only discussed them with a housemate who worked on
$(MAJOR_CC_VENDOR)'s transaction/auth system.
The short answer is: yes.
The longer answer is: your PIN is on your card, the rest is recorded in the
ATM and syncronized when it has connectivity again. At which point, your
bank will be sending you a polite (or, for some amounts, not so polite)
request to pay the outstanding balance, the fees incurred for overdraft,
and other assorted charges.
Most of the financial world operates on a pair of fairly straightforward
principles:
1) It costs money to stop fraud. Unless and until the cost of fraud exceeds
the cost of stopping the fraud, it is not profitable to attempt to stop
the fraud (and, as a correllary, the effort put into stopping fraud
is limited to that amount which produces a better-than-even return on
investment). All major CC vendors simply budget for some amount of fraud
every year; it's a known risk of the business model, and is accounted
for.
2) Banks are, as a rule, care fairly little about whether you can withdraw
money that you shouldn't be able to. ATM limits are largely about
limiting the amount of damage done in the short term. What banks care
about a very great deal is trying to make sure that that nothing,
anywhere, in the entire system, can cause a transaction that doesn't
have an audit trail - and spotting such things is (relatively) easy,
because the books suddenly don't balance. Money may be information,
but *within the system*, that information is checked, double-checked,
cross-checked, and otherwise run through a really insane amount of
effort to make sure you can't create money from nothing - and can't
move it from one place to another without leaving some record of the
movement. Thus, you can get physical cash from an ATM, if the system is
out of sync, but as soon as it gets synced up again that will be linked
back to your account. The bank only really cares, then, if your account
happens to end up negative (and, as above, will take action in more
concrete ways, to deal with the situation).
Anyone who actually cares about this is strongly advised to not take my
word on it, but go do the homework for yourself; most of this information
is available to a sufficiently curious searcher.
--
***************************************************************************
Joel Baker System Administrator - lightbearer.com
lucifer at lightbearer.com http://users.lightbearer.com/lucifer/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030129/de6cb2f7/attachment.sig>
More information about the NANOG
mailing list