From msuinfo!netnews.upenn.edu!news.amherst.edu!news.mtholyoke.edu!world!news.kei.com!MathWorks.Com!ropa.eng.gtefsd.com!howland.reston.ans.net!EU.net!sunic!ugle.unit.no!ugle.unit.no!hanche Sat May 281:35:17 1994
Path: msuinfo!netnews.upenn.edu!news.amherst.edu!news.mtholyoke.edu!world!news.kei.com!MathWorks.Comuropa.eng.gtefsd.com!howland.reston.ans.net!EU.net!sunic!ugle.unit.no!ugle.unit.no!hanche
From: hanche@pyanfar.imf.unit.no (Harald Hanche-Olsen)
Newsgroups: sci.crypt
Subject: Re: Unsecure Cash machines
Date: 25 May 1994 19:05:22 GMT
Organization: University of Trondheim, Norway
Lines: 35
Message-ID: <HANCHE.94May25210522@pyanfar.imf.unit.no>
References: <2rj35l$357@nef.ens.fr> <2ru55j$mhd@nntp.ucs.ubc.ca>
	<2rvd9k$rvf@lyra.csx.cam.ac.uk> <CqD8Au.CuM@cogsci.ed.ac.uk>
NNTP-Posting-Host: pyanfar.imf.unit.no
In-reply-to: richard@cogsci.ed.ac.uk's message of Wed, 25 May 1994 15:56:54 GMT

A paper that was posted to the net a good while back has the
following information about how the PIN is computed for a VISA card:
(At least I think that is what he's saying...)

  PINs are calculated as follows. Take the last five significant digits of the 
  account number, and prefix them by eleven digits of validation data. These 
  are often the first eleven digits of the account number; they could also be a 
  function of the card issue date. In any case, the resulting sixteen digit 
  value is input to an encryption algorithm (which for IBM and VISA systems is 
  DES, the US Data Encryption Standard algorithm), and encrypted using a sixteen 
  digit key called the PIN key. The first four digits of the result are 
  decimalised, and the result is called the `Natural PIN'.

  Many banks just issued the natural PIN to their customers. However, some of 
  them decided that they wished to let their customers choose their own PINs, 
  or to change a PIN if it became known to somebody else. There is therefore a 
  four digit number, called the offset, which is added to the natural PIN to 
  give the PIN which the cusomer must enter at the ATM keyboard.

Reference: Article <1992Dec8.112125.22462@infodev.cam.ac.uk> by
rja14@cl.cam.ac.uk (Ross Anderson) of Tue, 8 Dec 1992 11:21:25 GMT.

This explains both how the PIN can be encrypted on the card and how
the user may change it.  The paper goes on to talk about how this
encryption is worthless unless good protocols are adhered to.  Of
course, an interesting situation will occur if the PIN key is ever
compromised...

For a while at least, I'll make my copy of that paper available at

  http://www.imf.unit.no/~hanche/atm.tex.gz

for those who may be interested in more detail.

- Harald