I've done this same trick myself for years! Only the number isn't written on the card; it's written on a post-it note in the wallet. And there are 3 numbers on the note, each 'identified' with a meaningless 2-letter abbreviation, so that the thief will hopefully go 'I don't know which number is for *this* card, but I can just try all 3' and then get the card eaten.
It achieves absolutely nothing. Either the thieves have a way to obtain the real code or they don't. If they do, they'll obtain it and use it. If they don't, then the _lack_ of a number inside the wallet won't magically make them guess the right code. And guess what, they know about the 3-attempt limit, too. So, even if they have a way to get the code but decide to try those numbers _first,_ they're obviously going to stop after two attempts.
the "using a sharpie", and "hurridley" makes me think that this is some QA thing, and 7692 is a number that tests all the motions for a sharpie. edit: and, theory dead in the water right off the bat
The whole "entering the pin backwards alerts the authorities" thing never made any sense to me. A disproportionate number of pins are gonna be palindromes (or near palindromes and easy to mess up) and surely enough people would know someone whose pin is a palindrome that there should've been no way for that myth to propagate.
Theoretically, the system could check if it was a palindrome and just not apply the reverse = eat card logic if it was. But yeah, I never put any weight into the urban myth as it just seemed too easy to mess up for users who had pins such as 4944 (not my pin), it's way too easy to input that as 4494 (also not my pin, or is it?)
@@ChilledOutGuildI know there was talk of cards having two pin numbers. the correct and the I been robbed call the cops but do ether give me the money or spit out an error. (sorry your requested amount does not exist currently in cash please request a amount we can pay out). I know I can set up on some Windows/Linux version + maybe some add-on or something "Correct" password that will log you in into a fake version of my desktop. It will not give you an error but it will not give you what you wanted.
i'm really liking the teamwork in this one - simon starting off with something very close to the answer, alec figuring out that it is to ward off thieves, and then rowan finishing it by figuring out why the number was written hurriedly. love it!
My first guess was that it was a clear sheet of plastic and that viewers on the other side of the sheet would see 7692 as the word "seaT". (Speaking as someone who grew up watching weatherman Dave Devall do this all the time on Toronto television.)
It's pointless. Either they have a way to obtain the real code, or they don't. If they don't, they're not going to magically guess the right code just because there's no number written on the card. And if they do, they'll ignore anything written on the card.
In this episode we've got the infamous PIN Number AND ATM Machine! Also, if you think about it, if the ATM can lock your card when you enter the PIN backwards, that would mean that the machines were less secure, because it would require them to know your PIN. To be secure, it shouldn't know what your PIN is, rather a version of your PIN that is hashed or encrypted in a manner that cannot be reversed, so the machine just runs that same operation on the PIN you enter and compares it, meaning you only get a go/nogo result, and entering your PIN backwards would be no different than entering any random numbers. I don't know if this is actually how they work, but they very well should.
Hashing pins is useless because they are very possible to brute force. Even ignoring that though, you could easily setup two hashes, one for the successful result, and one for the "suck it in" result.
The ATM wouldn't have to know the PIN - if the forwards number fails to authenticate, it could reverse the digits and try to authenticate that, and if it does, it knows it's backwards.
there was a distress pin and there was a hash ... the machine trys the normal match if it fails it operates the distress algorithm and rehashes if that matches it issues distress
Even if it's a one time code, you'd need to refer back to it at least once, I'd assume? And if the subsequent reason is "oh they just remembered the code after all" it doesn't feel very Lateral.
there was a "panic pin" that some systems employ though its gone out of use in most cases . There were 2 options well 3 the 3rd one was just to have a panic pin separate from the normal one the other 2 were related adding or subtracting 1 from the first or last digit adding or subtracting 1 from both the first and last digit [one option meant give money and its distress - the other is don't give money report terminal out of service and distress ] 1
my mind went to the story of the guy with the three cat drawings as his signature signing a mortgage, this would have been a similar situation where for whatever reason her signature was 7692 and she used that to sign the card.
There is a well known UK bank who received a complaint from a customer for repainting the outside of a branch. It turns out the customer had used a sharp instrument to write his PIN on the wall next to the ATM, with no other context. He refused to use any other ATM, so when the wall was painted over he lost access to his PIN. 😂🤦
Unless the card gets stolen in the US. Happened to us, there was a lot of transactions within 15 minutes, even though the ccv is not even printed on it. US payments don't require a pin
Contactless? Believe it or not we even have that in the UK! Maximum spend contactless is £100 but you can reduce that using the banking app on your mobile phone (yes we even have [cell] phones in the UK)
Lost my bank card, new card was a "visa debit" card that allows you to spend money online with just the numbers on the card. I asked for a $0.00 "credit" limit because of how insecure that is. My PREVIOUS debit card required a chip and PIN!
@@jamesphillips2285AFAIK, you can't use someones card online with only the info on the card. (Unless they started putting addresses on cards, which would be a really bad idea) Also, Chip N Pin won't protect someone who has stolen your card info and personal information (Name, address) online.
@@WoNkY_DoG nope, you don’t need the pin online (just ccv) or in most retail transactions that aren’t flagged for whatever reason in the US. Believe it or not, you can not act condescending to others when you don’t even understand what’s being said!
Initial thoughts: it was a one-use-only piece of information (nonce or a one-time-pad code). The visual representation of tracing a movement (pattern lock screen)?
I was thinking it was an AMEX's CCID number that's always on the front which is the wrong place for all other cards, cause I always write that on the back where it's supposed to go when I get a new one.
Around here all ATMs can also read the card contactless - I assume after enough false tries the card is just going to be locked by your bank, since it can't be kept by the machine?
yes and yes! EU credit cards are all chip and pin, US credit cards are signature based! Also nowadays most debit cards have a credit card number for online payment, which wasn't the case historically.
@@LaPingvino I guess what's throwing me off is that both debit and credit cards transitioned from signatures to PIN verification at the same time here, so it seems weird to use that as a distinction between them.
@@anarchodin But well before chip and PIN came in, UK credit cards at least had PINs so you could get a cash advance from ATMs if you wanted to (at relatively huge expense compared to a debit card, of course).
At first I thought Rowan was using some sort of strange soft focus filter but actually it looks more like a wide aperture lens that's focused on the microphone logo... narrow depth of field rather than overall fog.
My first theory was it was a word play trick like 4242 564 in japanese being shini shini goroshi or in english death death kill that Souls Eater used and localized to a little poem being "4242 564, the number you call on deaths door"
Ye gads, so many Personal Identification Number numbers and Automatic Teller Machine machines. Is everyone in the UK kingdom part of their Department of Redundancy department?
Answer spoilers: . . . . . If Penny ever needed to use her card at a bank not just at an ATM it still feels like she might be in for some questions or a lecture.
What a weird, weird "question". How is that any better than not writing any number at all? I mean, if the person who stole / found the card has some means of obtaining the real code, they will do so regardless of what's written on the card (certainly before using up the three attempts, because they know about that limit too). If they don't, then do you really think they'd just magically guess the right code if there _wasn't_ a number written on the card? This sounds like one of those nonsensical "security measures" like telling people to include a punctuation character in their password (which has just led to a lot of single-word passwords ending in "!", when simply using longer passphrases, with at least _two_ unrelated words, is far more secure _and_ easier to remember).
Because, by writing a red herring on the card that ISN'T the real number, you hope that the thief tries three wrong numbers that are similar to the one on the card - which will lock the card.
Literally *already addressed above.* Either the thieves have some way to access the _real_ code (in which case they will simply ignore the numbers), or they don't, in which case having those numbers makes _no_ difference (i.e., having _no_ numbers on the card won't help them guess the code). And (shocka!) thieves know about the three attempt limit, too, so if they think they can obtain the real code (with extra effort), *they'll simply stop after two attempts* even if they _do_ decide to try those numbers first. At most, you get them to use up one or two attempts trying the "fake PIN", which reduces their chances of guessing the correct PIN _by pure chance_ from 3 in 10 000 to 1 (or 2) in 10 000. This is "cargo cult security".
There is no such thing as "PIN number". PIN already stands for "personal identification number". So it makes no sense to say "PIN number"; it is simply "PIN". Ditto for "VIN" for vehicle identification number.
All these apparently intelligent people saying PIN number and ATM machine,, do they not know what those acronyms are? As an ex-developer for a bank it makes me flinch every time.
The guessers and the answer itself completely skipped the "hurriedly" part. I was thinking she wrote it fast because she was being followed and scared but then Tom said she wasn't under pressure and never came back to it again, to explain it. Strange.
Life hack: You can know that it is technically wrong and annoyingly redundant, snicker a little bit to yourself, acknowledge that these is perfectly normal things to say, and move on. 😁
I love that the writer chose the name "Penny" for a question about PINs and money... nice subtle hint there 😀
I've done this same trick myself for years! Only the number isn't written on the card; it's written on a post-it note in the wallet. And there are 3 numbers on the note, each 'identified' with a meaningless 2-letter abbreviation, so that the thief will hopefully go 'I don't know which number is for *this* card, but I can just try all 3' and then get the card eaten.
I just have all my cards locked and unlock when I need them
It achieves absolutely nothing. Either the thieves have a way to obtain the real code or they don't. If they do, they'll obtain it and use it. If they don't, then the _lack_ of a number inside the wallet won't magically make them guess the right code. And guess what, they know about the 3-attempt limit, too. So, even if they have a way to get the code but decide to try those numbers _first,_ they're obviously going to stop after two attempts.
@@RFC3514what about thieves who are stupid and don’t know about the 3 try limit?
Penny was never able to refer to the number again because she passed away shortly thereafter from Sharpie fume poisoning.
the "using a sharpie", and "hurridley" makes me think that this is some QA thing, and 7692 is a number that tests all the motions for a sharpie.
edit: and, theory dead in the water right off the bat
The whole "entering the pin backwards alerts the authorities" thing never made any sense to me. A disproportionate number of pins are gonna be palindromes (or near palindromes and easy to mess up) and surely enough people would know someone whose pin is a palindrome that there should've been no way for that myth to propagate.
Theoretically, the system could check if it was a palindrome and just not apply the reverse = eat card logic if it was. But yeah, I never put any weight into the urban myth as it just seemed too easy to mess up for users who had pins such as 4944 (not my pin), it's way too easy to input that as 4494 (also not my pin, or is it?)
@@ChilledOutGuildI know there was talk of cards having two pin numbers.
the correct and the I been robbed call the cops but do ether give me the money or spit out an error.
(sorry your requested amount does not exist currently in cash please request a amount we can pay out).
I know I can set up on some Windows/Linux version + maybe some add-on or something "Correct" password that will log you in into a fake version of my desktop.
It will not give you an error but it will not give you what you wanted.
Why disproportionate? Surely it's no more than one in a hundred?
"surely enough people would know someone whose pin is a palindrome"
How would you know?
People usually don't tell each other their pins
@@panda4247 mine is 7692
i'm really liking the teamwork in this one - simon starting off with something very close to the answer, alec figuring out that it is to ward off thieves, and then rowan finishing it by figuring out why the number was written hurriedly. love it!
Given that those urban myths exist, I think any robber would be extremely suspicious of a pin written down in the card.
'Pin number', 'ATM machine' lots of RAS syndrome here.
Think about that while you eat your naan bread and drink some chai tea.
I've given up the fight on this one. PI Number is just the phone for a detective's office and AT Machine sounds like an anti-tank robot.
@@falseprofit9801You know, saying PIN and ATM without any suffixes is an option.
Haven't heard of the term but I like how I was able to figure out what RAS Syndrome meant
@@Person.1234 But can you figure out what the 'S' stands for?
My first guess was that it was a clear sheet of plastic and that viewers on the other side of the sheet would see 7692 as the word "seaT". (Speaking as someone who grew up watching weatherman Dave Devall do this all the time on Toronto television.)
"PIN number" and "ATM machine" - you're killing my pedantic mind with the redundancy 🤣🤣
I might try that one myself!
It's quite clever. Might do it aswell.
It's pointless. Either they have a way to obtain the real code, or they don't. If they don't, they're not going to magically guess the right code just because there's no number written on the card. And if they do, they'll ignore anything written on the card.
In this episode we've got the infamous PIN Number AND ATM Machine!
Also, if you think about it, if the ATM can lock your card when you enter the PIN backwards, that would mean that the machines were less secure, because it would require them to know your PIN. To be secure, it shouldn't know what your PIN is, rather a version of your PIN that is hashed or encrypted in a manner that cannot be reversed, so the machine just runs that same operation on the PIN you enter and compares it, meaning you only get a go/nogo result, and entering your PIN backwards would be no different than entering any random numbers.
I don't know if this is actually how they work, but they very well should.
Hashing pins is useless because they are very possible to brute force. Even ignoring that though, you could easily setup two hashes, one for the successful result, and one for the "suck it in" result.
The ATM wouldn't have to know the PIN - if the forwards number fails to authenticate, it could reverse the digits and try to authenticate that, and if it does, it knows it's backwards.
@@jasonbhunt Don't bring logic and intelligence into this :p
Honestly, there's not much point. There are only 10,000 possible different PINs; my phone could hash every single one of those in less than a second.
there was a distress pin and there was a hash ... the machine trys the normal match if it fails it operates the distress algorithm and rehashes if that matches it issues distress
First instinct: One time code?
Pretty close
Even if it's a one time code, you'd need to refer back to it at least once, I'd assume? And if the subsequent reason is "oh they just remembered the code after all" it doesn't feel very Lateral.
@@tcxd1164 Fair, although "exactly once". You're never supposed to use a one time code more than once, that's the point.
Guessing Penny wasn't a doctor. XD
Penny's a doctor and her signature reads like 7692.
there was a "panic pin" that some systems employ though its gone out of use in most cases .
There were 2 options well 3
the 3rd one was just to have a panic pin separate from the normal one
the other 2 were related
adding or subtracting 1 from
the first or last digit
adding or subtracting 1 from both the first and last digit
[one option meant give money and its distress - the other is don't give money report terminal out of service and distress ]
1
my mind went to the story of the guy with the three cat drawings as his signature signing a mortgage, this would have been a similar situation where for whatever reason her signature was 7692 and she used that to sign the card.
Plot twist: Her actual PIN code is 1234.
thats the same code i have on my luggage!
Good to see you appearing on show Dr. Simon Clark, big fan from the YogsCast crew.
Didn’t he predict the world would end a few times?
Haha probably @@spelcheak
@@spelcheak Wait what lol
There is a well known UK bank who received a complaint from a customer for repainting the outside of a branch. It turns out the customer had used a sharp instrument to write his PIN on the wall next to the ATM, with no other context. He refused to use any other ATM, so when the wall was painted over he lost access to his PIN. 😂🤦
Writing down pins is peobably more secure than any digital way of storing it. Your house is probably safer from being broken into than your computer
Does anyone know what the pub quiz app Tom has mentioned in the ad reads for the past few weeks is. Can't find it on Reddit or in the show notes.
It was the website bptrivia.com/, which is mobile compatible. Say we sent you!
Unless the card gets stolen in the US. Happened to us, there was a lot of transactions within 15 minutes, even though the ccv is not even printed on it. US payments don't require a pin
Contactless? Believe it or not we even have that in the UK! Maximum spend contactless is £100 but you can reduce that using the banking app on your mobile phone (yes we even have [cell] phones in the UK)
Lost my bank card, new card was a "visa debit" card that allows you to spend money online with just the numbers on the card.
I asked for a $0.00 "credit" limit because of how insecure that is. My PREVIOUS debit card required a chip and PIN!
@@jamesphillips2285AFAIK, you can't use someones card online with only the info on the card. (Unless they started putting addresses on cards, which would be a really bad idea) Also, Chip N Pin won't protect someone who has stolen your card info and personal information (Name, address) online.
@@WoNkY_DoG nope, you don’t need the pin online (just ccv) or in most retail transactions that aren’t flagged for whatever reason in the US. Believe it or not, you can not act condescending to others when you don’t even understand what’s being said!
@@jamesphillips2285 works fine for millions, if it needs a chip then it wouldn’t work online right?
Initial thoughts: it was a one-use-only piece of information (nonce or a one-time-pad code). The visual representation of tracing a movement (pattern lock screen)?
Her signature, and not a note?
Hey, it’s dr Simon! Love to see it…
I was thinking it was an AMEX's CCID number that's always on the front which is the wrong place for all other cards, cause I always write that on the back where it's supposed to go when I get a new one.
Simon has been stumbling to the right answers accidently for over 30 years now.
Around here all ATMs can also read the card contactless - I assume after enough false tries the card is just going to be locked by your bank, since it can't be kept by the machine?
Contactless generally has a limit on the amount and number of transactions per hour.
I became confused as you used the terms credit and debit card interchangeably. Are there credit cards out there that require a PIN?
Are there credit cards that _don't_?
yes and yes! EU credit cards are all chip and pin, US credit cards are signature based! Also nowadays most debit cards have a credit card number for online payment, which wasn't the case historically.
@@LaPingvino I guess what's throwing me off is that both debit and credit cards transitioned from signatures to PIN verification at the same time here, so it seems weird to use that as a distinction between them.
@@LaPingvino That's an interesting difference. Thanks for clearing that up
@@anarchodin But well before chip and PIN came in, UK credit cards at least had PINs so you could get a cash advance from ATMs if you wanted to (at relatively huge expense compared to a debit card, of course).
At first I thought Rowan was using some sort of strange soft focus filter but actually it looks more like a wide aperture lens that's focused on the microphone logo... narrow depth of field rather than overall fog.
My first theory was it was a word play trick like 4242 564 in japanese being shini shini goroshi or in english death death kill that Souls Eater used and localized to a little poem being "4242 564, the number you call on deaths door"
Irrespective of the answer, Penny should get her own wifi 😂
thanks. now i've forgotten my pin and i'm panicking
Jenny Don't Lose that Number .
Ye gads, so many Personal Identification Number numbers and Automatic Teller Machine machines. Is everyone in the UK kingdom part of their Department of Redundancy department?
Seriously, I mean what the WTF? SMH my head...
Don't look at this reply! It's being shown on your LCD display right now.
Not joking, I have heard "ASAP as possible" once
@@panda4247 dang, I looked
I figure, why we often say PIN number, is because, PI Number already means something.
@@Kumimono but noone is advocating for the usage of "PI Number". Just "PIN" without the additional "number"
Getting a dog to write isn't easy, I'd prefer using a permanent marker instead.
?
I see what you did there! 🐕🐕👀👀
@@panda4247
A Sharpie is a breed of dog....
@@Slikx666 ah.. you mean Shar Pei? i did not get that at first
Similar concept to the legendary "Thief Knot".
7692 rotated 180 degrees kinda looks like 7692, something to do with that is my guess.
Sort of looks like "LEGO", if the 2 were a 0.
As a question this felt a bit contrived but the advice is solid tbh
what person would write their pin on a card? why would thief fall for that
you'd be surprised how often people have done that untill you work retail and see it.
Why did they have to guess the right answer three times before you gave it to them?
They were wrong three times. You don't get a fourth attempt.
Okay - but who is Penny???
Anyone else hear Penny and go straight to The Big Band Theory?
Band? Bang surely
Answer spoilers:
.
.
.
.
.
If Penny ever needed to use her card at a bank not just at an ATM it still feels like she might be in for some questions or a lecture.
i must be too stupid to understand, why do you write your pin number down? if your card is stolen they either have it some other way or its useless...
So not Penny Hofstadter then
They never got a penny from her.
What a weird, weird "question". How is that any better than not writing any number at all? I mean, if the person who stole / found the card has some means of obtaining the real code, they will do so regardless of what's written on the card (certainly before using up the three attempts, because they know about that limit too). If they don't, then do you really think they'd just magically guess the right code if there _wasn't_ a number written on the card?
This sounds like one of those nonsensical "security measures" like telling people to include a punctuation character in their password (which has just led to a lot of single-word passwords ending in "!", when simply using longer passphrases, with at least _two_ unrelated words, is far more secure _and_ easier to remember).
Because, by writing a red herring on the card that ISN'T the real number, you hope that the thief tries three wrong numbers that are similar to the one on the card - which will lock the card.
Literally *already addressed above.* Either the thieves have some way to access the _real_ code (in which case they will simply ignore the numbers), or they don't, in which case having those numbers makes _no_ difference (i.e., having _no_ numbers on the card won't help them guess the code).
And (shocka!) thieves know about the three attempt limit, too, so if they think they can obtain the real code (with extra effort), *they'll simply stop after two attempts* even if they _do_ decide to try those numbers first.
At most, you get them to use up one or two attempts trying the "fake PIN", which reduces their chances of guessing the correct PIN _by pure chance_ from 3 in 10 000 to 1 (or 2) in 10 000.
This is "cargo cult security".
@@lateralcast - For some reason, my reply to this keeps disappearing. Oh well, I addressed it in my first post, anyway.
I'm glad that I'm not the only one who does this.
The number of times I heard either “PIN number” or “ATM machine” in this video was quite offputting
🤓🤓🤓
Personal identification number number and automatic teller machine machine
There is no such thing as "PIN number". PIN already stands for "personal identification number". So it makes no sense to say "PIN number"; it is simply "PIN".
Ditto for "VIN" for vehicle identification number.
They seriously said both "PIN number" and "ATM machine???" I am in pain
All these apparently intelligent people saying PIN number and ATM machine,, do they not know what those acronyms are? As an ex-developer for a bank it makes me flinch every time.
The guessers and the answer itself completely skipped the "hurriedly" part.
I was thinking she wrote it fast because she was being followed and scared but then Tom said she wasn't under pressure and never came back to it again, to explain it. Strange.
That part is explained from 4:49 onwards.
It’s so that the person will misread the number and type it in a few times, as you only have three attempts.
@@civiccattle6730 understood, thank you. The word hurriedly implied urgency to me, rather than sloppy writing
So, who else's bothered by "PIN Number" and "ATM Machine"? :)
Life hack: You can know that it is technically wrong and annoyingly redundant, snicker a little bit to yourself, acknowledge that these is perfectly normal things to say, and move on. 😁
@@geirmyrvagnes8718 Advanced life hack: Object to it in an exaggerated way for personal amusement.