"Own" and "strangers" for the ATM



I once wrote about how ATMs are programmed. Today, a tale about what dialogue options these programs provide.

After the ATM has read the card, the script usually has to decide which of its branches to follow next. A script usually has several different branches, and which one is taken depends on the specific card. There are three main options: "our" cards, "strangers'" cards and "administrative" cards. Generally speaking, for each type (our own, others' and administrative) the scenario can branch further, depending on what services the bank wants to provide to the client (or to the collector, who has the "administrative" cards).

This division into three main branches exists for the following reason. With administrative cards it is clear: they involve completely different operations, such as changing bill counters, balancing the ATM, etc. Such a scenario should obviously never be shown to ordinary ATM visitors, so the "administrative" branch is separate. Let's talk a little more about the other two branches.

Ours and others

The main reason for dividing cards into "ours" and "others" is this. When our own client comes, one who has an account in our bank, we know a lot about this client. I would say too much (judging from the client's perspective). Therefore, we can provide him with the maximum service. For example, we may have our own loyalty program (even a bonus account denominated in emoticons), which only we and our customers know about, and of which the other banks (and payment systems) have not the slightest idea. Or the client has payment templates, and through the ATM we give him a simple and quick way to make a payment using such a template. In general, you can let your imagination run a little. Not very far, though: banking services for clients, whatever one may say, come down to the movement of money in favor of individuals or legal entities,

Therefore, for our client we launch the script branch for "our" cards, which contains all this outwardly varied functionality.

But if a client comes with a card of another bank, things are more difficult. We can provide only those services that the specific international payment system (to which this card belongs) allows us to provide. I mean JCB, AmEx and the various Visas / Mastercards. We send the data request through the payment system because, in general, we do not know which bank issued the card; we only ask the intermediary, the payment system. Therefore, down with the abundance of loyalty programs, payments by personal templates and other ways to reduce the card balance. Only the main thing, only hardcore! For this, we have a script branch for "alien" cards.

In addition to these three options, we may want to be more flexible in managing the opportunities we generously share with our clients. For example, a client comes with "our" card, but it is - oh God! - platinum! I would like to please such a client right away with fancier screens, more courteous text, and maybe a couple of additional menu items that enhance the illusion of greatness.

Or here's a more realistic case. We issue cards of two different payment systems: MisterHard and Zhiza. In principle, it may happen that we can provide some additional services for one of the brands, if only to stimulate the purchase of cards of that particular brand. In both cases the cards are "ours", but the branches of the scenario are again different.

With collectors, you can also imagine different cases, for example different cards giving different powers. But here I am already fantasizing a lot; I do not think there are business processes in which two different collectors are required.

In general, it is sometimes really necessary to "branch" the script, and at least two branches are present in the average scenario: "our" and "foreign" cards. Administrative branches are not found everywhere, because ATMs have built-in tools for cash collection. If the bank is small, this process may not be automated, and in such cases it is possible to do without a special card at all. Everything is done through a phone call to the operator, who remotely switches the ATM to supervisor mode.

Card prefixes

The script branches depending on which digits the card's PAN (number) begins with. The world of plastic cards uses a simple and convenient way to "sort" cards: so-called prefixes, the first few digits of the card number. Generally speaking, when a bank buys a membership in a payment system, it also buys a block of card numbers, the so-called BIN range. BIN stands for Bank Identification Number: the payment system assigns to a new member a range of card numbers that the bank has the right to assign to the cards it issues. Moreover, each system has its own range of numbers. There is a dedicated site where you can see this breakdown: https://www.bindb.com/ That is, knowing only the card number, you can tell which payment system it belongs to.

In turn, the bank can split this block of numbers at its own discretion. For example, one of my cards starts with 548472 - this is MasterCard Platinum. The bank can split this range, for example, into 54847200 and 54847222 (invented right now), and use one prefix for one card product and the other for another. Both card products are MasterCard Platinum, but, for example, one of them has some kind of special loyalty program attached. Or, let's say, the other product is for retirees, which entails different conditions of service (most often, just other loyalty programs; as I said, it is extremely difficult to come up with something new in the banking sector).

So, in the ATM protocols this is a routine operation: analysis of the prefix of the inserted card and selection of the corresponding script branch. In total, due to technical limitations (no more than eight parameters per scenario state), there can be a maximum of eight scenario branches. By the way, administrative cards have a prefix that does not correspond to any payment system. For example, it starts with eights, or nines, or something like that.

Wrong PIN scenario

There is one cool moment in interacting with an ATM.

Although the ATM is constantly in touch with the processing center (it maintains a network connection, and if the connection is broken it closes and stops working), a request is in fact sent to processing only at certain stages of the script.

You go to the ATM and insert the card. The ATM reads it. Next, most often, you are asked for a PIN. Then you go through different menus, choose what you need, etc. All this time the ATM does not send any requests to processing! Yes, yes. For now, it is simply gathering the necessary information from you. It fills and prepares the necessary buffers (data stores): the selected operation, the amount, the PIN block, additional buffers. And only at one of the stages is all this collected information sent to the processing center. Most often this happens after some "confirm the operation" or "do you need a receipt?" menu. Only at this moment can the processing center check your PIN, and if you made a mistake, only now will you find out about it. The ATM will enter the service state of repeated PIN request. It may also seize the card (if the limit for entering the wrong PIN has been exceeded). If the card is not captured and you enter the correct PIN, all buffers (along with the new PIN value) will be re-sent to processing, and there, if everything is fine with the rest of the values, the transaction will be processed.

With the "administrative" branch of the script, such liberties should not be allowed. I mean, the user cannot be allowed to wander around the menus before the PIN has been checked. In the administrative branches, the PIN verification request usually happens immediately after the PIN is entered, and only if the PIN is correct will it be possible to look at the menus.

By the way, according to all security canons, the collector usually does not have access to the contents of the cassettes; he simply takes out the spent sealed cassettes and inserts the filled (also sealed) ones. And access to the safe part of the ATM requires knowledge of the code for the combination lock and possession of a mechanical key. I mean, having an administrative card doesn't give you any absolute power :)
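To make the prefix analysis and the two PIN-check policies described above concrete, here is a small sketch added as an illustration; it is not code from any ATM protocol or vendor. The branch names, the administrative prefix 999999 and the 12 to 19 digit PAN bound are assumptions, while 548472, 54847200 and 54847222 are the illustrative prefixes from the text.

```python
from dataclasses import dataclass

MAX_BRANCHES = 8  # the limit named above: eight parameters per scenario state


@dataclass(frozen=True)
class Branch:
    name: str               # hypothetical branch label
    pin_before_menus: bool  # True: verify the PIN online right after entry


# Constructed table. "999999" is an assumed administrative prefix that
# belongs to no payment system; the 5484... values come from the text.
PREFIX_TABLE = {
    "54847200": Branch("own_platinum_loyalty", False),
    "54847222": Branch("own_platinum_retiree", False),
    "548472": Branch("own_platinum", False),
    "999999": Branch("administrative", True),
}
FOREIGN = Branch("foreign", False)  # default: payment-system services only


def validate_table(table):
    """Reject tables that exceed the branch limit or weaken the admin branch."""
    names = {b.name for b in table.values()} | {FOREIGN.name}
    if len(names) > MAX_BRANCHES:
        raise ValueError("more than %d script branches" % MAX_BRANCHES)
    for prefix, branch in table.items():
        if not (prefix.isascii() and prefix.isdigit()):
            raise ValueError("non-numeric prefix: %r" % prefix)
        if branch.name == "administrative" and not branch.pin_before_menus:
            raise ValueError("administrative branch must verify the PIN first")


def select_branch(pan, table=PREFIX_TABLE):
    """Longest-prefix match on the PAN; unknown prefixes fall to FOREIGN."""
    digits = pan.replace(" ", "")
    # Assumed sanity bound on PAN length; adjust to the card products in use.
    if not (digits.isascii() and digits.isdigit() and 12 <= len(digits) <= 19):
        raise ValueError("malformed PAN")
    for length in sorted({len(p) for p in table}, reverse=True):
        branch = table.get(digits[:length])
        if branch is not None:
            return branch
    return FOREIGN


validate_table(PREFIX_TABLE)
```

Matching the longest prefix first is what lets 54847200 and 54847222 override the shorter 548472 entry, and the validation step keeps a table edit from silently dropping the verify-first rule on the administrative branch.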
 