Sounds really cool, but I'm not sure what problem it actually solves. Typical ATM robbery today probably ends with the cash coming out of the machine and the robber running away, hopefully without injuring or killing their victim. Victim calls police, they take a report, get the video from the ATM cam, bank refunds the stolen cash, done.
In the scenario that you're proposing, the only advantage is that police are called about 30 seconds sooner. But my guess is that in the vast majority of cities in the US, that 30 seconds won't be enough to catch the criminals.
Not to mention that if this became widespread (and therefore known) you've now given the victim a crude weapon that the robber may feel warrants more violence to convince the victim that they better not type in their duress code.
"the only advantage is that police are called about 30 seconds sooner"
Unless the thief takes off with the victims phone as well. Additionally there are sadly instances where the theft at the ATM is just the start of other crimes towards the victim.
Unless the thief takes off with the victims phone as well.
I was thinking of the best case scenario. So the robber takes the phone as well, and the person calls it in 15 minutes later when they get to a phone. When the average police response time is about ten minutes, the difference between a call being placed 30 seconds after the robbery and 15 minutes after is pretty much nil.
Additionally there are sadly instances where the theft at the ATM is just the start of other crimes towards the victim.
True. So maybe the advantage here is that the police are alerted to the fact that a crime is taking place. But let's say the victim is kidnapped or something at this point. Are the police going to be able to do anything? They'll show up 5-15 mins after the emergency call and find an empty parking lot. What then?
I guess this might be helpful for situations in which the robber takes the money but then hangs around the ATM to beat or rape the victim. But I doubt this is terribly common. And as soon as it becomes commonplace for people to have duress codes, they'll start taking the victim elsewhere instead of staying near the ATM. Or they'll just kick the shit out of the victim to impress upon them the foolishness of using such a code.
Actually, that's an interesting thought experiment. You're held up at gunpoint (or knifepoint) at an ATM. You have a duress code (that you remember). The criminal knows these are common and threatens you not to use it. Do you?
You do because for the criminal there is no way to know if you used a duress code or not.So if you cant really get into a better position in the eyes of the criminal by not using it,you might as well use it and get cops to know you are in trouble.
Not to mention that cops will potentially have a live video feed of the crime scene as the crime is being committed!
Or better yet, what if it's an elaborate CIA plot to convince you that the moon landing was real? Plotted by intelligent elephants, who breathe fire and crap diamonds! They're a part of the deBeers cartel, and when you're asleep, they rearrange your underwear!
How deep do you want to make your conspiracy theory go?
That's always a risk anyway, in the UK we have an anonymous crime reporting phone number. You are never going to know for sure whether someone in their telephony department is somehow logging information from all the calls and handing it over to the mafia etc.
> But let's say the victim is kidnapped or something at this point. Are the police going to be able to do anything?
They'll know that I was in distress RIGHT NOW, instead of two hours later when I fail to show up for that party I told my fiance I'd meet her at - and even then, she would have to wait 22 hours before filing an official police report.
The possibility of kidnapping elevates this to a whole new level.
Calling the police 30 seconds later may be typical in the US, but not the rest of the world. Latin America is filled with stories of people who took a dishonest taxi and were basically kidnapped and forced to withdraw the maximum every day until their accounts were emptied. Here in Colombia, it's known as the Paseo Millonario. Everybody's different, but I'd be incredibly interested in having a distress PIN, as it could be quite some time until somebody gets worried enough at not having heard from me to alert the authorities.
Perhaps the fake PIN would only show a preset of money in the account (and still call the cops)? If the robber didn't know the victim, they might buy it.
Not sure the situation in other countries, but in the US you aren't liable for any money lost in an ATM robbery. So this would be helpful to the banks, but not the victim.
Just the knowledge of this would discourage ATM robberies from happening. If you knew that you'd only get x bucks, and that the police would be called as the transaction was happening, you'd be less likely to try this technique.
Well, I think you'd have fewer ATM robberies, but the ones you did have would be more violent, because now the victim is effectively armed with a crude weapon. So the robber is going to be more violent to intimidate the victim into NOT using that duress code.
Eh, I just have two bank accounts and only keep a few hundred in the one I use for debit card payments/withdrawals. If I need more, my smartphone app is right there.
Ah... this is a good benefit to having multiple accounts. I am always confused by those with only one bank account. My current account never goes above 2K, mostly sitting at around a few hundred. This gives me a perpetual feeling of not having very much money, so I don't spend too much.
If you've got some armed psychopath (or maybe more than 1) holding a weapon to you or threatening you on a dark night your probably not going to be thinking rationally.
All sorts of stuff is going through your head like "should I use the duress PIN?" , "can I remember the duress PIN?" , "will they know if I use it?" , "how could they know?" , "What if they somehow DO know, is it worth the risk?"
For the interested: enforcing no palindromes and unique digits reduces the number of possible PINs by about a factor of 2, bringing it down to 5040 4-digit combinations.
The formatting ate your *'s but I understand. That's definitely the better way to reason the problem. In my defense it was late (after a trip to the bar) and my code is basically stream of consciousness.
Bank PINs aren't really about password strength though. To prevent brute force, they simply block access after n tries (usually n = 3). They are just a way of preventing access to the card in case of loss or theft. So as long as there are enough combinations to make the chance of a successful brute force after three tries small enough, it doesn't really matter how strong the password is.
For online banking, there are usually added security schemes and the PIN isn't used at all.
That would be an excellent idea in countries where people are taken hostage to empty out their bank accounts overnight to get the maximum withdrawal over 2 days.
I think the double-PIN makes sense in the ATM case (because you don't want to alert the robber to your scheme), but in the phone case I think multiple PINs is far too complex.
Why not just have e.g. "swipe left to unlock to guest mode" or something similar? Then you can still have it be locked, but with the same old PIN; it will be far more attractive to users.
Will people remember to use 1235 ONLY in an emergency? And never accidentally use it? And never use it when they feel "threatened" by the scary looking hipster hanging out by the ATM?
I would tend to guess it would cause more problems than it solves.
Exactly! I would just be repeating what you say, but I'll say it anyhow. False positive rate must be considered before putting such a measure in place.
I used to intern at a company that manufactured credit cards. If I recall correctly, this actually is in place in South American countries. Due to relatively low fraud rates, credit and debit card security in the US is far behind the rest of the world.
Edit: Somewhat replying to a sibling comment. In countries with less effective police, they originally put withdrawal limits on the cards, but this just caused muggers to hold their victims until the victim's account was drained.
Further Edit: I couldn't find any online sources for this information, so I could be remembering incorrectly.
Seems to me a better idea is that you put in a code, which locks your account for a few hours and displays a "this ATM is broken" message, taking it offline for a few mins.
I would forget the emergency pin. Maybe if they recognized a backward PIN, but I would probably be so flustered while being mugged that I couldn't enter it backward.
Diebold ATMs could be configured to send a "distress signal" when their safe was opened and the last number of the combination lock was off by 1. The option was off by default, because it required additional hardware hook-up (for the signaling), but it was there.
Several of the PIN-activated access control systems I've used have a similar concept, usually called a duress code or such. Your normal PIN would be 1234 but if you are being forced to enter under duress you put in 1235, and a silent alarm is set off.
It's a nice idea but wouldn't work in practice. If the "help" PIN is always 1 higher then there would be too many false alarms due to pressing the wrong button. Or if the "help" PIN is totally different then victims will forget under stress.
1234 is my regular PIN. 1235 is my help I'm being robbed PIN -- it dispenses the cash, calls the cops, and tags the video.