For reasons of public convenience and economy a variety of systems have been developed for executing user requested transactions. One example is a check cashing machine. Such a machine reads data from a check inserted therein and issues cash equal to the amount of the check if the check is found to be in order. Other systems have been developed for use in conjunction with credit cards.
One credit card system stores credit card account information in a central data base. In response to the submission of an account number from a remote terminal, the system provides information relating to the account. For instance, the system may indicate that the card has expired, that it has been stolen or may indicate the dollar amount of available credit. After a transaction is completed, the system properly adjusts the stored information to account for the transaction.
Other credit card systems, which are frequently used by banks to extend their services during times of heavy business or business closure, permit the issuance of cash or the receipt of deposits through a terminal. Such a terminal typically includes a mechanism for receiving and reading information from a credit card, a key-board, a display and document entry and exit apertures. The terminal may operate in conjunction with a data base or as a stand alone unit. Increased security for the issuance of cash without human intervention is attained by issuing a personal ID number with each credit card. A credit card transaction is then enabled only when an ID number corresponding to the account number read from the credit card is entered through the keyboard. This required correspondence prevents a thief or mere finder of a credit card from receiving cash from a terminal. If a terminal operates in conjunction with a data base the correspondence between account numbers and ID numbers can be chosen at random, but frequently the ID number is derivable from the account number in accordance with a predetermined code. In the latter situation, in order for the ID number to be chosen at random, such as by selection by the customer, an offset value is recorded on the card along with the account number, which offset value is selected such that when added or otherwise combined with the ID number derived from the account number in accordance with the predetermined code, the result is the ID number chosen at random. These predetermined relationships between ID number and account (and offset) data from the card permit a stand alone terminal to check the ID number by algorithmically relating the ID number to the account number. If credit cards issued by a plurality of cooperating banks are to be usable in a given terminal, all such banks must use the same code or algorithm, or otherwise provide for distinguishing the algorithmic relationship used in issuing ID numbers from account data. In one such system, each terminal is provided with an identical table of pseudo-randon numbers which is pseudo-randomly addressed, first with the institution identifier and then by a logical combination of the output of the table with digits of the account number. In such a system, cards may be used which have been issued by various banks, but personnel of each bank has access in its terminals to the exact algorithm used by all other banks, and with knowledge of the bank identifier code can easily reconstruct ID numbers. In another system, a key-driven algorithm is provided for determining the relation between ID numbers and account numbers. In such a system, the account number and key number are combined using linear and non-linear operations to generate a check number for comparison with the ID number. The Anderson Pat. No. 3,956,615 is such a system. For cards issued by different banks to be used in the same terminals, however, all banks must use the same key number, and the account number must be located in the same field on all cards. In one improvement on the Anderson system, a table of encrypted keys is maintained in each terminal, containing the keys required for use in the key-driven algorithm for a plurality of cooperating banks, together with data specifying the location on the card data track of account, offset, and other data to be used in generating the check number for comparison with the ID code entered at the keyboard. However, this system is bound by storage limitations on the size of such a table, and each terminal is able to operate with cards issued only by a few of the potential cooperating institutions. Further, this system cannot accommodate cards for different types where institution ID and card status are identical--such as may occur when a bank is migrating its issued card base between two different plans.
While this table derived key driven credit card and ID number identification technique improves the security of cash issue terminals and permits a plurality of banks to cooperate in honoring cards issued by the others, there are still weaknesses that may be exploited to gain access to the large amounts of cash that are stored in the terminal or available in the accounts of cooperating banks for inter-fund transfer by operation of the terminal. One serious problem relates to the security of the encryption algorithm for terminals which are capable of stand alone operation, or even on-line operation. A large number of operators or maintenance personnel are required for the day-to-day support of cash issue terminals. For example, one or two people at each branch bank location may have internal access to the cash issue terminals. Often times these people may have access to the encryption key for normal maintenance. Alternatively, with only a little training, these people could learn to acquire the key by measuring electrical signals on the internal circuitry. Once an encryption key is acquired, and if the algorithm is known, a correspondence between a large number of account numbers and ID numbers could be generated. Then, with knowledge of the card format and location of verification and offset data on the card, correspondence between card data and random chosen ID numbers can be ascertained.
Another possible security problem arises from the transmission of account information and ID information between a terminal and a host data base. These transmissions often involve utility communication lines and are therefore subject to monitoring by a large number of people. Encryption is often used to improve communication security but anyone who is able to break the code or gain access to the code would be able to extract and compile a list of correspondence between credit card account information and ID numbers by monitoring these transmissions. In addition, by generating fake terminal communication traffic a person might gain access to the host data base and fraudulently transfer funds within data base accounts.