Browse Prior Art Database

Authenticating Automated Teller Machines to Users

IP.com Disclosure Number: IPCOM000112830D
Original Publication Date: 1994-Jun-01
Included in the Prior Art Database: 2005-Mar-27
Document File: 2 page(s) / 72K

Publishing Venue

IBM

Related People

Carlson, SA: AUTHOR [+6]

Abstract

An Automated Teller Machine (ATM) could present a private authentication code to each user, validating that the ATM is not a counterfeit machine installed for fraudulent purposes.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Authenticating Automated Teller Machines to Users

      An Automated Teller Machine (ATM) could present a private
authentication code to each user, validating that the ATM is not a
counterfeit machine installed for fraudulent purposes.

      This disclosure describes two procedures that would enable
users to validate that an Automated Teller Machine (ATM) is not a
counterfeit machine.  Both rely on information known only to the bank
and the customer, information unavailable to those who plot fraud.
Here we will call this information an authentication_id.  The
authentication_id might be something like the customer's home address
and/or his or her mother's maiden name.  It could also be a
meaningful word, chosen by the customer, such as the name of a pet or
a favorite color.

1.  Protection of Customer Pin Number and Identifying a Counterfeit
    ATM

          This method provides the greatest level of security.  An
    ATM transaction would proceed as follows:

    a.  The customer would insert his ATM card that contains his
        account number, then enter all transaction information.  The
        customer does not enter his pin number yet.  If the line
        connection is switched, a call is now made to a computer
        where users' bank account numbers, PINs, and
        authentication_ids are stored in a data base.

    b.  A valid ATM will now receive the authentication_id from the
        data base computer and display it.  The customer will become
        used to seeing his authentication_id and expect it.  To
        reinforce what should occur here, a message might be
        displayed such as, "For your protection, should you ever
        encounter an ATM machine that does not display correct
        account information as it appears on this screen, report this
        situation at once by calling the toll free number appearing
        on your ATM card, and do not enter your pin number or proceed
        with the transaction."

    c.  If the ATM is counterfeit, the customer wi...