Since the previous article about the ATM aroused some interest, we continue the banking topic. "Plastic card" is the layman's name for a bank payment card (BPC). The thing in the household is extremely useful — after all, it can be perfectly used to
Cards
Visa and MasterCard/Europay payment systems are widely used in the CIS countries. The card is the property of the bank that issued it, and it is issued to the client only for the validity period of this card. If we ignore some nuances, then the cards are divided into two types – debit and credit. In Europe / USA – if you have a card like "Gold/Platinum, etc." - then you have a solid credit limit, then you are a respected person – they will smile wider at you and everyone understands that you have a lot on your mind. In any case, this was the case before. In the CIS, any student will open a Gold card for free to impress their friends over an evening beer and thus destroy the entire Western value system.
Cards can only be with a magnetic stripe, or even with a chip. Who is with the chip-he is right in the case of dispute resolution. If your card has a chip, and the ATM does not have a corresponding reader, then you are right. If the opposite is true, the ATM is correct. In Ukraine, there are still not so many ATMs / terminals that serve chip cards – for example, I personally find it difficult to withdraw money – I have to look for them. If you try to withdraw money from an unsupported device, the amount may be blocked. Sometimes. For 30 days. Unpleasant.
It is quite difficult to demagnetize a magnetic stripe in a card. Local payment cards are more susceptible to this (I'll tell you about them later), but for several years I only had one international payment card that was demagnetized. By that time, about 15 thousand of them had passed through me personally, so I think this is not much.
Cards are also used in access control systems. If the ATM is located in the lobby of a bank branch-then at night – you can get there (if provided) - by swiping the card on the device at the entrance. The device is suitable for any bank card (note to homeless people-in the halls of branches it is warm and cozy).
ATMs of a foreign bank may not always be able to view your card balance. In general, ATMs are set up not for their own customers, but for others – to earn a (generally quite good) commission. The average payback of ATM (if you calculate the dirty commission) was about 4-5 years in 2004-2007. My first accountable ATM, installed in 2002, only paid off in 2006. Of course, there are indirect savings – on unloading the cashier, round-the-clock work again... but there are also costs for collection, maintenance, etc.
If a bank card that is listed as stolen is inserted into an ATM, it will pick it up without further ado. If via the POS-terminal – the cashier is shown – withdraw the card. At the same time, this information will also be displayed in the processing center – and the operator on duty can call law enforcement agencies to detain the fraudster to the point of sale/branch. If the cashier didn
When a card is handed over to the bank, it must be destroyed. For example, in a shredder. Often shredders do not happen, so severe scissors are used. The plastic is hard, and 400-600 cards may accumulate at the end of the month – but you need to cut them so as to damage the magnetic stripe, card number, and owner's name.
Look at your card. It has the card number on it. The first digit-4 - is Visa, 5-MasterCard, 6-Maestro, etc. The first six digits are the bank's BIN. There are reference books. The card has its expiration date. The card is valid until the last calendar day of the month specified. If you received a new card before the expiration date of the old one, the old one will still work, but when you make the first operation on the new card, the new one starts working. Banks receive (buy) keys for generation for a certain period of time. For a year/two/five. This is exactly what determines the maximum period for which cards are issued.
Labels on the card can be simply plotted or stamped (embossed). Why is this necessary?
Imprinter
Historical device. The first ones appeared back in the 40s, but they also worked successfully in the two thousandth. Maybe where they work to this day. A cliche of a retail outlet/bank branch is attached to the imprinter, which also contains identifying information of the point. The customer's card is placed in a special niche, the so – called "slip" — a self-copying form is placed on top, we roll it on top and get an impression on the card and retail outlet data forms. Paid off. Recently, cards (especially low-level ones) are issued with printing of identification information, rather than squeezing it out. Although I subjectively like "old-style" more.
Processing center
Cards are registered and serviced not in banks, but in processing centers (PC). This is a rather complex organizational and technical institution. Only large banks can afford to set up their own PC. Small banks-enter into service contracts in someone's PC. In addition to cards, processing also serves all devices that interact with payment systems – ATMs, POS terminals and systems, software complexes. The bank opens a current account for the client and issues the card. Theoretically, it is possible that the current account of two clients in different banks will match (in fact, the chance is even less, because the account number has check digits, which are calculated using the bank code, but the check digit may also match....) – the point is that both of these banks can work with a single PC. So, the card has its own technical account in the PC, which the client may not even know about. Therefore, all operations with the card in the PC are performed on this technical account. When funds are credited to the card – the bank informs the PC that it is necessary to transfer funds to such and such a technical account. Thus, there is a double accounting-inside the bank and inside the PC (more precisely, the entire payment system).
Bank
Banks, as a rule, print (issue/emboss)themselves your own cards. Information about generated cards and PIN codes is obtained from the PC – the bank charges its unit – cards are stamped and codes are printed. The average performance is 400 cards per hour. You make a mistake when ordering a card and write some numbers or punctuation marks in the owner's name – it turns out to be quite interesting
A moment of humor.
Correctional colony. All prisoners are paid a salary for their work performed. Pennies, but for the entire term, some amounts run up. The bank (not mine) enters into a salary project with the Department of Corrections and all prisoners are printed cards. A lot. Very much. Printed, brought to issue. The head of the colony took the first available card and almost had a stroke. After saying a few unprintable words, he asked how he would give these cards to his wards? I had to get out of here and retype all the cards.
Under the spoiler – you can find out the reason for the prison chief's frustration.
I think explanations are unnecessary
Scammers
In the comments to the last article, there was an interest in fraud and hacking. So – despite feature films and fables on the Internet, life has shown that in fact there are only two options for expropriation. In the first case, you need to work with your hands, and in the second – with your head.
In the first case, it will be a banal robbery. The ATM is a heavy piece – 900-1200 kilograms-average weight. Plus, as a rule, it is conscientiously bolted to the floor. Here, as far as the imagination is enough. A harpoon breaks through the screen of a street display ATM. The cable. Truck. On the spurt. With a screeching winch, we pull the ATM onto the truck platform and legs. In a quiet, relaxed atmosphere, we open the safe without hurrying. Or at an aircraft factory – a group of highly qualified locksmiths and turners of the sixth category open the factory ATM in the shop and withdraw the contents without too much noise. We're a smart bunch of people.
In the second case, we are talking about stealing personal data about cards. Banks do not store this information. It is very fantastic to steal a database directly from the human Rights center (of course, not remotely, but from within) - but this also happens. Often, everything is more mundane and we'll talk about skimmers and pads.
Banks often hang antiskimers on ATMs. But visually, skimers can also look like this. And it's very easy to build your own skimmer into the antiskimer. It is very thin in itself. Its task is to count the magnetic stripe in the card and write it to your memory (less often)/transmit it over Wi-Fi (more often). But the magnetic stripe isn't enough. You need a PIN code. So it will be a miniature video camera (built-in anywhere) or a spy (through binoculars from the window of the house opposite).
It can also be a keyboard overlay. But this is more complicated. The pad itself is quite expensive-several thousand euros can cost suitable models. Therefore, if you find an overlay on the keyboard-better pretend to be a monument and, without flashing, leave, because that company of students who drink beer on a bench or a group of gloomy men in leather jackets-it is here for a reason, but to control the situation-so that no one will stamp a valuable thing.
A trained eye will almost always detect that the ATM has an overlay-because it is very difficult to fit exactly the top panel of the ATM – this is painstaking work, and the task is to quickly get a set of data and go to another ATM.
In general, you should always assume that there is a skimmer in the ATM and there is a miniature camera (technology does not stand still). Therefore, withdraw money from a trusted ATM whose appearance you remember, cover the keyboard with your other hand/wallet when you enter the code – and the chance of getting hurt is minimal.
A separate topic is fake ATMs, but the chance of finding an ATM in a landfill is extremely small – so this topic is more popular for European countries. This is when there is an ATM on the street – you go to withdraw money – it asks for the PIN code, the withdrawal amount, but at the end it writes something from the "communication error" series and you calmly go to another ATM. And your data has already been passed on to the right people.
As for hacking over the network/Internet-the chance is negligible. Even being in the same network with an ATM and putting a sniffer and having all the traffic-you need to do a lot of work to decrypt it and then you need to study all the exchange protocols-because you will have to simulate the exchange between the PC and ATM with this particular card.... By then, you'll be working a serious job under serious supervision.
In short, Sklifosovsky!
What do you do with the received card data and PIN codes? White plastic. A magnetic stripe is written on it from the card. It turns out to be a clone. We go to a third world country and withdraw money via ATM from the card (knowing the PIN code). This is done massively in organized groups. Everyone gets their share.
Separately, I would like to mention cardholders (especially older ones) who write (scratch) the PIN code on the card. I won't say anything about them – just mark them. The height of cynicism is to scribble the wrong code.
At one time, I managed a local payment system in a bank for two years. Your own emulation point, processing, your own operational banking day, offline accounting, balance sheet, points of issue and service. Specific equipment. But that's another story. I'll tell you later.
Bonus-common in narrow circles accordion (but little known to the general public) - PSD template for drawing your own VISA card design
Image to attract attention
http://userside.ua/main/files/simple-card.zip 6.5МБ
(c) UserSide
