Making Cash Dispensers Safer with DES
In 1979 the first automatic teller machines exploiting the Data Encryption Standard to prevent fraudulent use were introduced. The first systems in use were the IBM system, launched in 1979 and the VISA system introduced shortly afterwards, which can be seen as an enhancement to the IBM concept.
The security of these systems was based on two concepts: ownership and knowledge, combining the use of a plastic card with a magnetic strip and a personal identification number (PIN). Like most modern cash dispenser systems, the systems in 1979 related the PIN to the account number in a secret way to prevent abuse.
The PINs were calculated similar to the following scheme:
One needed to take the last 5 digits of the unique account number, generate 11 validation digits and add them in front of partial account number. Very often the validation data that was used was equivalent to the first 11 digits of the account number and some banks also liked to use a function of the card issue date for this purpose. The resulting 16 digits were encrypted with the data encryption standard using a sixteen digit key called PIN-key. The first 4 digits of the DES output were decimalised and called the ‘Natural PIN’ and given directly to their customers by many banks. Later some banks decided to add a different 4 digit number called ‘The Offset’ to the natural PIN resulting in the final PIN which the user had to enter at the automatic teller machine.
The following lines show a sample PIN calculation:
Account number: 4506602100091715
Last 5 digits: 91715
Validation data: 88070123456
Data input to DES algorithm: 8807012345691715
PIN key input to DES algorithm: FEFEFEFEFEFEFEFE
Output of DES algorithm: A2CE126C69AEC82D
First four digits decimalised (Natural PIN): 0224 A=(1)0 2=2 C=(1)2 E=(1)4
Customer PIN: 6789
Although DES was a highly sufficient algorithm for the encryption of PINs in the 1970s, cash dispenser systems at that time were not very safe because the engineers sometimes forgot about backdoors that could easily be used to steal money from someone’s account.
As a negative example one bank in Great Britain can be mentioned, that decided to just encrypt the PIN and write it to the card. Criminals found out that by taking a card whose PIN they knew, and changing the account number on the strip to an account number that could easily be found out by reading a discarded receipt, they could use their own PIN to withdraw all the money on the other account.