HE danger of massive theft from bank and building society cash machines was dismissed by bank security sources in Dublin this week.
As seven conspirators admitted in a London court their part in a plot to steal hundreds of millions from cash dispensers, Irish bank sources said it was hard to see how the scheme would have worked. Banks and building societies are always reluctant to discuss plastic card fraud on cash machines because of the danger of loss of confidence in a system which has become so important for financial transactions.
The gang planned to bribe British Telecom employees to tap into the lines that run between the cash dispensers and the main computers ink bank and building society headquarters.
These computers contain all the relevant details of about 30 million personal bank accounts held throughout the UK.
By tapping into the lines the gang planned to obtain confidential information entered by customers. They intended to use sophisticated computer hardware and software to decode the customer information.
The gang then planned to use this information to make bogus cash cards which they would then use to withdraw huge sums of cash from the accounts of bank and building societies customers throughout Britain and elsewhere. The plot was foiled when a computer expert the gang tried to recruit informed the police.
Security sources at the main Irish banks insisted that it would be "almost impossible" to make this scheme work in the Irish market. "First of all we run closed group networks, not leased lines for electronic transfers. It is not possible to tap into these closed networks in the same way as leased lines could be tapped into," a senior banking source insisted.
Information fed into cash automated teller machines is immediately "encrypted" or put into a form of gibberish, he explained. This makes the information meaningless until it is decoded. "I was puzzled when the gang said they would crack this "code", he said. The Irish banks encrypt information according to US standards using 64 or more randomly generated digits and "secure keys", he said. Enciphering is complex and takes place at a number of levels, he said.
"The complex way information is enciphered, encoded and then doubly enciphered, the random values used and because no one person or section within the organisation knows more than three of the digit values used, means that, even if someone got as far as getting into the information, they would not be able to decipher it," he maintained.
Reports said that the British police found that the gang's computer equipment was not sophisticated enough to decipher most of the information required to make the plot work.
But the source warned that bank and building society customers should ensure that their personal identity numbers (PIN) are kept secret. "It is possible to generate a cash card if someone knows the PIN. Sometimes bank customers are approached by someone doing `research' and invited to enter in a free draw by entering their card in the researcher's personal computer."
While a card can be forged with the customers PIN, a bank can verify that it is a false card through the card verification value (CVV). The CVV contains extra data on the customer that cannot be read from the card.