Atm Fraud Nearly Brought Down British Banking

Posted3 months agoActive3 months ago

bediger4000

12 points

3 comments

theregister.comTechstory

calmnegative

Debate

20/100

Banking SecurityAtm FraudCryptography

Key topics

Banking Security

Atm Fraud

Cryptography

A historical incident of ATM fraud nearly brought down British banking, highlighting the importance of robust security measures and the limitations of outdated technology. The discussion centers around the lessons learned from this incident, particularly the need for secure PIN storage and verification.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

Peak period

2-4h

Avg / period

Key moments

01Story posted
Oct 20, 2025 at 5:20 PM EDT
3 months ago
Step 01
02First comment
Oct 20, 2025 at 8:02 PM EDT
3h after posting
Step 02
03Peak activity
1 comments in 2-4h
Hottest window of the conversation
Step 03
04Latest activity
Oct 21, 2025 at 12:41 PM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (3 comments)

Showing 3 comments

lifeisstillgood

3 months ago

1 reply

For me the lesson is not something that happened years ago, but that all to often a system that “ought” to work is handcapped by not accepting it cannot work as stated - there just was not enough computing power to send PINS to a central computer to verify and lookup, so you store the pin on the card. Then you don’t salt it with the account number, you just encrypt my pin with the same key as your pin. And both encrypted values are in the open. Swap my pin onto your stripe and I then can withdraw from your account.

The fix? Not sure. I think there is a lot more to the story than I know - but the problem is I’m not sure anyone knows

And using it “in the public interest” Is just bollocks

I think this is why OSS matters - if this scheme was published no-one would have trusted it. And queues at banks would have got longer.

Would that matter?

bediger4000Author

3 months ago

Not in this case - an entire bank's IT department was in on the magic ATM cards.

more_corn

3 months ago

This is wild

View full discussion on Hacker News

ID: 45649523Type: storyLast synced: 11/20/2025, 3:41:08 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN