November 21, 2020

Better Secure ATMs Than Sorry

In June 2014, two 14-year-old computer enthusiasts in Canada prompted the Bank of Montreal to update its security after they used the ATM’s (automatic teller machine) operating manual to find nearly all the information needed to reprogram the ATM. They needed only its password, which they guessed correctly on their first attempt using 000000, a common default setting for many ATMs.

The ATM’s only job is to mediate communication between the bank’s main server and the customer. This includes establishing the identity of both the bank and the user. All communication between the server and the ATM is protected. As users, however, we do not actually know whether the communication and encryption procedures follow appropriate security measures.

Users can be reassured in two ways. One is to disclose the communication and encryption methods so that qualified experts can judge the security of the network. The other, more suitable alternative is for the RBI (Reserve Bank of India) to set up a cell to study and certify such security in ATMs. But, to the best of our knowledge, RBI does not have any such group yet.

Note that all security proofs of the encryption techniques rely on the assumption that the PIN (personal identification number) used by the user is pseudo-random, that is, a sequence of digits that passes one or more statistical tests for randomness but is produced by a deterministic mathematical procedure.

As the cryptographer and mathematician Claude Shannon put it, “If the mutual information between the message that is actually to be stored or sent, and the one that is stored or sent, is zero, the system is said to be completely secure.” This means that, when converted to a binary string, the digits should behave like an unbiased coin tossed independently and repeatedly (“independently” meaning that one toss does not influence whether the next comes up heads or tails).

But the natural tendency of most users is to choose PINs they will not forget. So the PIN turns out to be highly non-random, which is a serious compromise in security. The PIN is encrypted and decrypted during each transaction.
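The gap between the uniform PIN that the security proofs assume and the PINs people actually choose can be measured. The following Python snippet is an added example, not part of the original post: it computes the Shannon entropy of a constructed (not real) sample of user-chosen 4-digit PINs, compares it with the entropy of a uniformly random PIN, and shows how much a lockout limit of a few attempts actually protects under each distribution.

```python
import math
from collections import Counter

# Constructed sample of 100 user-chosen 4-digit PINs (not real data).
# It is deliberately skewed toward easy-to-remember patterns, as the
# post describes, with a tail of 32 distinct "random-looking" PINs.
SAMPLE_PINS = (
    ["1234"] * 30 + ["0000"] * 12 + ["1111"] * 10 + ["2580"] * 6
    + ["1990"] * 5 + ["2000"] * 5
    + [f"{n:04d}" for n in range(3000, 3032)]
)

PIN_SPACE = 10_000  # number of possible 4-digit PINs


def shannon_entropy_bits(pins):
    """Shannon entropy H = -sum(p * log2 p) of the empirical PIN distribution."""
    counts = Counter(pins)
    total = len(pins)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def max_entropy_bits(space=PIN_SPACE):
    """Entropy of a truly uniform PIN: the assumption the security proofs make."""
    return math.log2(space)


def guess_success_probability(pins, attempts):
    """Fraction of users covered by the `attempts` most common PINs in the
    sample, i.e. the success rate a wrong-PIN lockout limit has to bound."""
    counts = Counter(pins)
    covered = sum(c for _, c in counts.most_common(attempts))
    return covered / len(pins)


def uniform_success_probability(attempts, space=PIN_SPACE):
    """Same quantity if PINs were uniformly random: attempts / space."""
    return attempts / space


if __name__ == "__main__":
    print(f"sample entropy : {shannon_entropy_bits(SAMPLE_PINS):.2f} bits")
    print(f"uniform entropy: {max_entropy_bits():.2f} bits")
    print(f"3 tries, sample : {guess_success_probability(SAMPLE_PINS, 3):.2%}")
    print(f"3 tries, uniform: {uniform_success_probability(3):.2%}")
```

The sample carries about 4 bits of entropy against the 13.3 bits of a uniform 4-digit PIN, and three guesses cover roughly half of the constructed users instead of 0.03%; real PIN statistics differ, but the measurement is the same.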
