Thursday, 4 November 2010

Strange ATM / Cash Card bug?

I recently had a cash card from a major UK bank.

I used to put it in any ATM / Cash Point, punch in my pin, and get access to the services. I used to be able to draw statements and check my balance. But as soon as I tried to draw money, immediately the machine would eject my card and give me the error message "Temporary error processing your request. Please try again later". No matter which machine or bank I tried, always the same result.

A while ago, friends of mine in that space told me about the ATM / Cash Point algorithm. And the only really significant thing that I remember, is that the machine only actually authenticates your pin against your bank once you select the service that requires authentication... eg balance request, mini statement, draw money.

So...what was going on? I have thought about it for a while now, and still no idea. When I eventually contacted my bank, they told me not to worry as clearly the faults I was experiencing were temporary faults that existed only the Cash Point machines. Yet all my data points told me something else was happening. Eventually the "helpful" call centre operator suggested I just get a new card. Which I did, and it did solve my problem.

I can only think that there was a "magic sequence" of numbers encoded somewhere in the chip / magnetic strip of that particular card which was causing a very nasty bug on the various Cash Point hardwares/softwares to show itself. Lucky me.

Or unlucky them...could such a magic number really exist somewhere and be used somehow to cause a buffer overflow attack on what I've pretty much taken for granted is a well and truly stable set of components and systems after all these years?

These kinds of puzzles is why software, software engineering and software quality will always keep me interested.