What the bank can do with the card remotely



Once I had my card reissued, and it was delivered to my workplace. I wanted to change my PIN, and I did it through the mobile bank. But how did the new PIN get into the card? There was a little adventure in this regard :)

Adventure is a big word, of course.

In general, I changed the PIN in the mobile bank, but the card was in my wallet all this time. I changed my PIN - I confess, out of laziness. I wanted the PIN to remain the same as on the expired card. Not safe, I know ...

In general, I come to the store, pick up the trolley, go to the checkout. The hour of reckoning has come. I insert the card ... And I enter the new PIN, which I set in the mobile bank. And, quite naturally, the PIN ... is not accepted.

I don’t know how I blundered so much that I forgot about it. I know how everything works ...

In general, I got a little nervous and asked for the operation to be repeated. This time I entered the old PIN (the one that was given to me along with the card).

It is absolutely logical that ... The old one is not accepted either!

Everything in my head got mixed up. I asked for the operation to be carried out a third time ... And again I entered the new PIN.

Phew ... It worked.

I walked off with a full bag of groceries and reproached myself: how could I have forgotten about this procedure ...

So, let me explain why everything happened the way it did, and how it works.

When a transaction is carried out online (which is what happens in most cases; in supermarkets, for sure), the terminal and the card form a rather large authorization request. It contains information about the terminal, its address, the amount, the currency, information about the card, and a random number that is signed by the card ... In general, a whole "War and Peace".

All this time a very intense dialogue goes on between the card and the terminal, which I often compare with the following scene. Somewhere in a deserted place two cars with tinted windows meet, and out of them come two people in dark glasses carrying briefcases. In one briefcase there are dollars, in the other, mmm ... white powder. And they have to decide whether they trust each other or not. In our case (online authorization), they decide not to trust each other, and they call the Don (the owner of the money), who guarantees that the money is real. I.e., that there is enough money on the card.

Basically, this authorization request is sent to the Don ... i.e. to the issuing bank (the card issuer), which sends back an authorization response. Together with the response it can send special scripts (Issuer Scripts). These are a set of commands for the card. The commands are signed with a secret key, and the card makes sure that the signature is correct, i.e. that the commands were sent by the correct bank.

There is a lot you can do with these card scripts: block all applications on the card, block / unblock a specific application, change files and parameters, as well as change or unblock the PIN of the card.

When receiving such commands, the card necessarily executes them and remembers the result of the execution (successful or not).

Note that it doesn't matter if the transaction was allowed. There may be a refusal to pay, but the scripts will still come and be executed.

These scripts got into the bank's database when I performed the corresponding actions in the Internet bank, and they waited in the wings for me to insert the card into some ATM or terminal, so that the card would be connected to the bank.

In general, this is what happened to my card.

I inserted it into the terminal and entered the new (not yet installed in the card!) PIN. The terminal sent a request, and the card received a negative response along with scripts containing a command to change the PIN. Now, despite the denial of authorization (payment), there is a new PIN on the card. But I got nervous and entered the old PIN (which was no longer valid!). Therefore, the second attempt also failed. Well, on the third try I finally entered the new, already valid PIN, and now everything went well.

So, if you change something on the card through the Internet bank, then be aware that the changes take effect only at the end of the operation.
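The sequence described above, as an added toy model that is not part of the original post and not any bank's or card scheme's code. Assumptions: the class and function names are hypothetical, the PINs and key are constructed sample values, HMAC-SHA256 stands in for the real script signature, and the card checks the PIN itself and reports the result in the request.

```python
import hashlib
import hmac

def mac(key, command, data):
    # Assumption: HMAC-SHA256 stands in for the card scheme's real script MAC.
    return hmac.new(key, f"{command}:{data}".encode(), hashlib.sha256).digest()

class Card:
    def __init__(self, pin, key):
        self.pin, self.key = pin, key
        self.script_results = []  # the card remembers each script outcome

    def verify_pin(self, entered):
        return hmac.compare_digest(entered, self.pin)

    def run_issuer_script(self, command, data, tag):
        # Execute only if the MAC proves the command came from the issuer.
        ok = command == "PIN_CHANGE" and hmac.compare_digest(tag, mac(self.key, command, data))
        if ok:
            self.pin = data
        self.script_results.append((command, ok))
        return ok

class Issuer:
    def __init__(self, key):
        self.key, self.pending = key, []  # scripts queued by internet-bank actions

    def queue_pin_change(self, new_pin):
        self.pending.append(("PIN_CHANGE", new_pin, mac(self.key, "PIN_CHANGE", new_pin)))

    def authorize(self, pin_ok):
        # Pending scripts ride along with the response, approved or declined.
        scripts, self.pending = self.pending, []
        return pin_ok, scripts

def pay(card, issuer, entered_pin):
    approved, scripts = issuer.authorize(card.verify_pin(entered_pin))
    for script in scripts:
        card.run_issuer_script(*script)
    return approved

def replay_story():
    key = b"constructed-demo-key"            # constructed sample values
    card, issuer = Card("1111", key), Issuer(key)
    issuer.queue_pin_change("2222")           # PIN changed in the mobile bank
    attempts = ("2222", "1111", "2222")       # new, old, new: as in the post
    return [pay(card, issuer, pin) for pin in attempts], card

if __name__ == "__main__":
    print(replay_story()[0])
```

The first attempt is declined yet still delivers the script, so the old PIN fails on the second attempt and the new one succeeds on the third. A script whose MAC does not verify is recorded as failed and leaves the PIN untouched.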
 