
Hoses of the Holy in the Parallel Universe

October 24, 2005

How ATM fraud nearly brought down British banking | The Register

Here's a fascinating story from The Register about how dangerously close to collapse the UK banking system was around 10 years ago, because of a distinct lack of security surrounding cash machines and PINs.

For example, cash cards did not use to encrypt the PIN number with the bank account number, so that it was possible to re-encode the account number on a card without altering the PIN.
The computing staff at one bank - the Rogue bank - had discovered through the dummy accounts how to fix the PIN generator so that it would only generate three different PINs in all the PINs issued. By creating a number of dummy accounts and getting new PINs issued for them, they could capture the sequence. Then all that was needed was to recode the cards so they would point to different account numbers, try the three PINs (ATMs gave you three chances) and they were away.

How scary is that? The Register don't name the bank concerned, but Jaysus, when you think about it. The kind of people who know a lot about computers (we all know the type) are also the kind of people who like to do things just because they can, regardless of the moral consequences, and these are precisely the people that banks and other businesses rely on to run their computing systems. Sure, there are grown-ups around too, but can you tell the difference?
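The design point in the quoted passage, that a PIN check not tied to the account number survives re-encoding of the card, shown as an added example (not code from The Register article or from this post). HMAC-SHA256 stands in for whatever cipher an issuer would use, and the key, account numbers and PIN are constructed.

```python
import hashlib
import hmac

ISSUER_KEY = b"constructed-demo-key"  # constructed; a real issuer key lives in an HSM


def _mac(data: bytes) -> str:
    return hmac.new(ISSUER_KEY, data, hashlib.sha256).hexdigest()


def issue_unbound(account: str, pin: str) -> dict:
    """Weak design: the stored check value depends on the PIN alone."""
    return {"account": account, "pin_check": _mac(b"pin=" + pin.encode())}


def issue_bound(account: str, pin: str) -> dict:
    """Corrected design: the check value covers the PIN and the account number."""
    data = b"acct=" + account.encode() + b";pin=" + pin.encode()
    return {"account": account, "pin_check": _mac(data)}


def verify_unbound(card: dict, entered_pin: str) -> bool:
    expected = _mac(b"pin=" + entered_pin.encode())
    return hmac.compare_digest(card["pin_check"], expected)


def verify_bound(card: dict, entered_pin: str) -> bool:
    # The account number read from the card is part of the MAC input, so a
    # card whose account field was changed no longer matches its check value.
    data = b"acct=" + card["account"].encode() + b";pin=" + entered_pin.encode()
    return hmac.compare_digest(card["pin_check"], _mac(data))


def with_account(card: dict, account: str) -> dict:
    """Model a card whose account field differs from the one it was issued with."""
    return {**card, "account": account}


def compare_designs() -> dict:
    pin, issued, other = "4821", "10000001", "10000002"  # constructed values
    weak, strong = issue_unbound(issued, pin), issue_bound(issued, pin)
    return {
        "unbound_accepts_changed_account": verify_unbound(with_account(weak, other), pin),
        "bound_accepts_original_card": verify_bound(strong, pin),
        "bound_accepts_changed_account": verify_bound(with_account(strong, other), pin),
    }


if __name__ == "__main__":
    print(compare_designs())
```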
