And the ATM customer walked away …

We had a call from Footscray Police Station late one Friday night.

We’ve had a man walk in with $200 claiming that he found it sitting in the ATM cash dispenser cradle.  Can you tell us who the owner of the money is?

This was back in the days when we didn’t have privacy laws, so we duly verified who the customer was, and rang Footscray Police back.  Footscray Police told us later that the customer was very happy to be re-united with their cash.

Nowadays this wouldn’t happen because:

  1. Privacy laws would prevent us passing that information on to the police, and more importantly
  2. Automatic Teller Machines will now retract the money if the customer doesn’t take it.

To elaborate on point 2.  The final part of the cash dispenser path is where the cash is presented to the customer.  On most* ATMs, there is a light sensor which detects whether the customer has grabbed the cash.  After a period of time (30+ seconds generally), the ATM will take the cash back, assuming that the customer has walked away.

Which led to an interesting fraud.

Some clever person realised that if you broke the light sensor, the ATM wouldn’t know that you took the cash, and then the ATM would cancel the transaction.  We had an ATM emptied of cash over a weekend due to this fraud.  Once the fraud was discovered, NCR developed a fix to prevent the problem occurring again.

* the exception being the NCR 5080 ATM, which had a cash cradle.  The ATM would drop the cash into a cradle and then consider the transaction completed.  The Footscray ATM was one of these.

Sorry NCR, we broke your brand new ATM.

When I wrote about printers jamming through being incorrectly loaded, I was reminded of the time we broke a brand new NCR ATM.

I was working in the ATM helpdesk team at the time.  NCR extended an invite for us to visit their sales office to familiarise ourselves with the new ATMs they were selling us.  We worked through the typical faults that you’d see with a branch ATM, such as Receipt Paper Out, Cash Out, Cash Jam, Deposit Bin Full & Card Jam.

Now you need to know that ATMs have two parts to their cash delivery mechanism: the cash pickup (from a cash cassette) and the cash dispensing part (to the customer).

The cash dispenser side was clever.  It did things like weigh and measure the notes, to ensure that the customer wasn’t getting too much money.#
The cash pickup side was not.  If you failed to slide the “note holder” stop firmly against the notes, it would cause a jam.

You might guess what happened next. 

“What happens if we don’t tension the note holder?”, said the team lead.

What happens is that the ATM cash pickup tries to feed 20 notes into a 1 note gap.

It took 3 hours for the NCR Technician to fix.

# banks much prefer when customers don’t get overpaid.

The “Debbie” Rule

I’m reminded by someone who I’ll dub Warrior Princess M, of the “Debbie” rule.  WPM doesn’t know the Debbie rule, but said “I’m pretty insistent that I’m a Miss until the day I marry.”
(which reminded me of the Debbie rule).

The Debbie Rule.

It was a graveyard shift.  I’m not sure HOW we got onto the subject, but it must have been the early hours of the morning when general crap gets talked.  One of the blokes, and my memory tells me it was Steve Vaughn, but as it was almost 20 years ago I could be wrong, opined

Every Debbie I know is either a saint or a trollop*.  There’s no blurring of the line either.  It’s one or the other.

And Steve was right, of the 9 Debbies I’ve known, 7 have been sweet hometown-type girls, and 2 have been fairly free with their affections.

Readers are welcome to tell me I’m wrong.

* a harsher word than trollop was used.

Your IT security threat is in the tent with you.

Most of the time, some people say 80%+, your IT security threat is in the tent with you (i.e. someone who works for you).  Based on experiences at different workplaces, I’d have to agree.

First there was the ATM fraud, which I wrote about on Saturday.  The bank took people to court over that.  Unusual for banks, as they try to brush these things under the carpet.  The brushing under the carpet is due to the embarrassment and all.

Then there was the fuel scam.  A BMW Mini has a fuel tank capacity of 40 litres.  Now perhaps in an alternative universe, there is a BMW Mini with a 70 litre fuel tank.  Not in our universe.  So when someone used their fuel card to fill the work Mini and it took 70.4 litres, we thought WTF?

Finally, there was the case of the accounts payable clerk who thought no-one would notice the new Porsche 911 he drove into the car park one fine Tuesday morning.  Yes, a $230,000 car paid for on a $50,000 salary, was noticed.

All these people were insiders and they had police criminal history checks.

Now when someone says to me, “we want all staff to give up their fingerprints for a police criminal history check”, my initial reply is “No.”

Followed by a prompt, “they’ll make little difference.” 

After all, other organisations have had the same experience.

Further reading:
Police check security over Einfeld interview (24 Sept 2010)
Confidential Police files found in Melbourne drug raid (29 Sept 2010)

Automatic Teller Machine Insider Fraud

It happened a long time ago, a bank fraud which saw 4 people lose their jobs.

Fraud convictions also resulted.

One bloke I heard, went overseas to “wash” his reputation clean.

I’m comfortable telling the story now, because State Bank Victoria no longer exists (1990), and the fraud happened 20 years ago.

To understand the fraud, you need to understand how an Automatic Teller Machine Cash Withdrawal worked at State Bank Victoria.

  1. Customer goes to Easy Bank ATM and requests a $20 withdrawal.
  2. Request is sent from the ATM, via the IBM 4704 Financial Controller, to the IBM 3090 mainframe.
  3. The customer’s ATM card is cross-referenced to the customer bank account.
  4. $20 was withdrawn from the customer’s bank account.
  5. The IBM 3090 mainframe told the IBM 4704 Financial Controller that the transaction was approved.
  6. The IBM 4704 Financial Controller printed a transaction record onto continuous-feed paper.
  7. The IBM 4704 Financial Controller then told the ATM to issue the money.

The fraudsters realised that if a customer’s ATM card was assigned to a non-existent account (step 3), the transaction would still be approved.  So that’s what they did.  They also destroyed the transaction printout (step 6).

Yes, it was an insider’s job.  I don’t think the guys made much out of it (in the $100’s), but as it involved a breach of trust, the police were called in.
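
A reconciliation check for the withdrawal flow above, as an added example that is not from the original post or the bank's systems: it compares host approvals against the card cross-reference (step 3), posted debits (step 4) and the controller journal (step 6). All record layouts, names and sample data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Approval:          # one approved withdrawal in the host log (constructed layout)
    seq: int             # host sequence number
    card: str
    amount: int          # whole dollars

def reconcile(approvals, card_xref, accounts, ledger_debits, journal_seqs):
    """Return {seq: [reasons]} for approvals that do not reconcile.

    card_xref     card number -> account number (step 3 cross-reference)
    accounts      set of account numbers that really exist
    ledger_debits {seq: amount} debits actually posted (step 4)
    journal_seqs  set of seqs present on the controller journal (step 6)
    """
    findings = {}
    for a in approvals:
        reasons = []
        account = card_xref.get(a.card)
        if account is None:
            reasons.append("card has no cross-reference")
        elif account not in accounts:
            reasons.append(f"card maps to non-existent account {account}")
        if ledger_debits.get(a.seq) != a.amount:
            reasons.append("no matching ledger debit")
        if a.seq not in journal_seqs:
            reasons.append("missing from controller journal")
        if reasons:
            findings[a.seq] = reasons
    return findings

def cash_variance(approvals, ledger_debits):
    """Cash approved for dispensing minus cash actually debited."""
    return sum(a.amount for a in approvals) - sum(ledger_debits.values())

# Constructed sample data: CARD-X points at an account that does not exist.
ACCOUNTS = {"100-200", "100-201"}
CARD_XREF = {"CARD-A": "100-200", "CARD-B": "100-201", "CARD-X": "999-999"}
APPROVALS = [Approval(1, "CARD-A", 20), Approval(2, "CARD-X", 100),
             Approval(3, "CARD-B", 50), Approval(4, "CARD-X", 100)]
LEDGER = {1: 20, 3: 50}      # only the genuine withdrawals were debited
JOURNAL = {1, 3}             # entries 2 and 4 were removed from the printout

if __name__ == "__main__":
    found = reconcile(APPROVALS, CARD_XREF, ACCOUNTS, LEDGER, JOURNAL)
    for seq, reasons in found.items():
        print(seq, "; ".join(reasons))
    print("unexplained cash:", cash_variance(APPROVALS, LEDGER))
```

Because the host log, the ledger and the journal are held by different systems, destroying one record (the printout) leaves a gap that the other two expose.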

Knowing what you’re actually getting.

It was the late 1980s.

My employer at the time ran two data centres in Melbourne.  There was the production site in the Melbourne CBD, and the backup site at Clayton.  They were linked together with data links provided by Telecom Australia.

The disaster recovery planners thought that wasn’t redundant enough.  And since there was this new player in the leased data line market, Optus, and they were offering more competitive rates (ie. cheaper) for the same service, our backup data links were switched to Optus.

All went well for several months, until the day the Telecom Australia Lonsdale Telephone Exchange failed.  Failed as in the new digital exchange technology crashed.

No problems we thought, we’ll switch to the Optus provisioned backup lines.

Except they were dead too.  You can probably guess why.

In the post-mortem of what went wrong, we found that the data comms links were
a) physically separate links
b) terminated at the same exchange
c) actually Telecom Australia links which Optus resold to us.

The fix was for the backup link to be terminated at a different telephone exchange (North Melbourne).  I don’t remember if it was Optus providing these backup links.  I do remember it cost rather a lot of money to do.  I think Telecom Australia was very happy with the money we hurled at them.

I’d like to think our disaster recovery planners learnt that day that:
1. cheapest is not always best.
2. if you are buying a data communication product, you need to check that the provider (Optus in this case) is not just re-selling the product from the actual vendor (Telecom Australia).


The mighty IBM 3800

Laser printers use two types of fusion to fuse toner to paper: hot fusion and cold fusion.

I’ve only seen cold fusion used once.  StorageTek used to make mainframe printers with cold fusion technology.  You’d take paper off the printer, and it would be icy cold.  Cold enough to burn you.

On the other hand, the first commercial laser printer, the IBM 3800 used hot fusion.

I had the privilege of working with one of those beasts.  The things I remember about them:

  • Speed.  They were capable of printing 20,040 lines per minute.
  • Keeping them filled with paper was a constant chore.
    IBM claimed they could produce 1.7 miles of paper every hour.  I’d believe it.
  • Toner.  They used 5 litre (guesstimate) bins, and we’d go through 1.5 bins on an eight hour shift.
    In comparison, the StorageTek had a toner hopper.  You’d pour toner into the hopper, and then watch the cloud of toner form above you.
  • At the backup site, the IBM 3800 generated so much heat, it would trigger the fire alarm.
    The root cause?  Don’t put a big printer in a small room.
    The fix?  We’d leave the computer room doors open when we ran it.


Everything goes in circles: Cash Dye Bombs

Back when I was a spotty faced bank teller, banks in Australia had stopped using cash dye bombs.

“Spoil the prize, and you spoil the crime.” was the theory with dye bombs.

How cash dye bombs were used was fairly simple:

  • bank robber demands the cash from the bank teller.
  • teller scoops cash out of cash drawer, along with dye bomb, which has automatically armed, into the robber’s bag.
  • robber runs out the door with the loot.
  • dye bomb explodes in robber’s bag, denying the robber the cash prize.

That’s what happened in a robbery.

But during a normal day, bank tellers were accidentally arming the dye bombs.  Which would then explode, covering the bank’s cash, and possibly the teller, in indelible dye.

This would leave the cash unusable.

The banks would then ship the “faulty” bank notes along to the Reserve Bank of Australia for replacement.

The Reserve Bank eventually had enough of these accidental discharges, and said “Enough.  We’ll not accept dye covered notes for replacement.”

Which killed the use of dye bombs.

Proving everything goes in circles, I was reading the Reserve Bank’s Annual Report 2009, and see that the Reserve Bank is once again accepting dye-stained notes.

What next?  The re-arming of Bank Managers?


“They don’t know who you are, just hang up.”

Banks place a whole lot of responsibility on their tellers, to balance or “slicker” their cash drawers at the end of the night.

And pressure.

No one goes home until every dollar is accounted for, or ultimately written off.  Talk about peer pressure.

I worked as a bank teller before I got into the IT game.  One night, over a beer after work, Ashley Brown* was telling the story about how he was $100 short.

“We balanced up, and found the cash drawer was $100 short.”
(clearly Ashley overpaid someone, it happens).
As we were going through the receipts, we got a phone call.

‘G’day, I was overpaid $100’

Ashley was overjoyed that the money had been found, and was in the midst of asking the customer when he could return it, when he heard in the background of the telephone call.

‘What the f&*k are you doing.  They don’t know who you are, just hang up.’


* Ashley was a high-flier.  Last I heard of him was that he’d transferred to the bank’s Internal Audit section.  Wouldn’t be surprised if he’s running the place now.


The Blinkenlights were so pretty.

I had to descend one level, to check out one of our systems.

I could see through the access door window, that the lights on the whole floor were out.

Swiped my access card and swung the door open.

No strange sounds.  Certainly no smoke or fire.

Out onto the ICL Mainframe floor I ventured.

One of the prettiest sights you can see in IT is all the blinking lights, from the hundreds of modems, hubs, switches, and routers, flashing off and on.

On any Friday and Saturday night, you’d find the hard working ICL Mainframe Operators of the State Bank Victoria IT branch, having a snooze.

In their sleeping bags.

Bank branch processing had finished for the week, and so they’d switch the lights out and have a sleep.
