Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Banc of America Article

  • From: Joel Baker
  • Date: Wed Jan 29 14:32:27 2003

On Wed, Jan 29, 2003 at 01:19:08PM -0500, Charles Sprickman wrote:
> On Wed, 29 Jan 2003, Al Rowland wrote:
> > Or,
> >
> > IIRC, the ATM system is similar to CC transactions. A best effort is
> > made to authorize against your account (Credit Card or Banking) but if
> > it fails and the transaction is within a normal range (your daily card
> > limit) the CC/ATM completes the transaction.
> So you're telling me that if I go to Kwik-E-Mart, cut the wires, put my
> card with a $0 balance in it will happily let me withdraw money?  Somehow
> that doesn't sound right.  How would it know my PIN, or would it assume I
> entered it correctly?  How would it know my daily card limit?

Disclaimer: while I did work for a company that was (or would have been)
involved with CC transactions, I have never actually worked with CC
auth mechanisms; only discussed them with a housemate who worked on
$(MAJOR_CC_VENDOR)'s transaction/auth system.

The short answer is: yes.

The longer answer is: your PIN is on your card, the rest is recorded in the
ATM and syncronized when it has connectivity again. At which point, your
bank will be sending you a polite (or, for some amounts, not so polite)
request to pay the outstanding balance, the fees incurred for overdraft,
and other assorted charges.

Most of the financial world operates on a pair of fairly straightforward

1) It costs money to stop fraud. Unless and until the cost of fraud exceeds
   the cost of stopping the fraud, it is not profitable to attempt to stop
   the fraud (and, as a correllary, the effort put into stopping fraud
   is limited to that amount which produces a better-than-even return on
   investment). All major CC vendors simply budget for some amount of fraud
   every year; it's a known risk of the business model, and is accounted

2) Banks are, as a rule, care fairly little about whether you can withdraw
   money that you shouldn't be able to. ATM limits are largely about
   limiting the amount of damage done in the short term. What banks care
   about a very great deal is trying to make sure that that nothing,
   anywhere, in the entire system, can cause a transaction that doesn't
   have an audit trail - and spotting such things is (relatively) easy,
   because the books suddenly don't balance. Money may be information,
   but *within the system*, that information is checked, double-checked,
   cross-checked, and otherwise run through a really insane amount of
   effort to make sure you can't create money from nothing - and can't
   move it from one place to another without leaving some record of the
   movement. Thus, you can get physical cash from an ATM, if the system is
   out of sync, but as soon as it gets synced up again that will be linked
   back to your account. The bank only really cares, then, if your account
   happens to end up negative (and, as above, will take action in more
   concrete ways, to deal with the situation).

Anyone who actually cares about this is strongly advised to not take my
word on it, but go do the homework for yourself; most of this information
is available to a sufficiently curious searcher.
Joel Baker                           System Administrator -    

Attachment: pgp00033.pgp
Description: PGP signature

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.