Robin had always been suspicious of the ‘hole-in-the-wall’. He had never regarded it as anything but a very insecure way for banks to go about their business. It was, after all, exactly what people called it - a hole in the bank’s wall. It was a hole in their first line of defence. Not only that, but immediately behind that hole there were stacked several thousands of pounds, frequently in used notes. And all you needed to get access to all that cash was a piece of plastic.
Certainly, it was a rather special piece of plastic, with its embedded microchip and magnetic strip on the back. And certainly, too, the introduction of the chip and PIN had made the cash machines less easy to defraud. But they were not perfect by any means, and the criminal fraternity had been quick to develop new ways of getting at the cash behind the ATMs. The more Robin thought about it, the more he came to believe that the hole in the wall could easily be opened, perhaps even without a four figure PIN number.
It was while he was at Oxford that Robin began to study the system seriously. The theory behind the system was that every bank credit and debit card would have the owner’s secret PIN number encoded into both the microchip and the magnetic strip. Only if the number tapped into the cash machine was the same as that on the card, would the machine be activated and authorised to carry out the transaction demanded by the owner. The problem was, as Robin saw it, that a criminal only needed to know someone’s PIN number to be able to produce a duplicate card. The fraudster didn’t even need to copy the chip, as many ATM machines, especially abroad, only read the magnetic strip. And although the PIN number is often encrypted, it’s the easiest thing in the world to record a four digit number on to a magnetic strip, and even easier to watch someone tap in their code on a chip and PIN machine, whether in a store or at the bank.
The felon did not even need to know the name of the PIN number’s owner, as this was not recorded on the magnetic strip, but Robin had a theory that even the PIN number might not be necessary. What the card actually did, he reasoned, was access the bank’s huge computer system, and Robin knew that computers, even small personal ones, have memories. The last thing in that memory was going to be the personal details of the last user of any particular cash machine, and those details would remain there until the machine was used again. In other words, the last user’s account effectively remained open until the machine was used again and a new set of information was entered into it. Until that time, the hole in the wall remained open for anyone clever enough to simply reach in and help himself to someone else’s money.
Robin resolved to find out if his theory was accurate, and then to devise a means of overcoming this weakness in the banking security system before criminal gangs devised a way of making these phantom withdrawals on a large scale. Not just criminal gangs either. Bank staff who understood how the system worked could make a fortune.
It was during their final year at Oxford that he had explained all this to Marian, who was both puzzled and worried by his theory.
“The first thing I want to do is to show that it is possible to take cash from other people’s accounts, simply by using their PIN number and nothing else,” he explained. “And I believe that it should be possible to use the computer’s own memory to put the PIN number of the last user on to a blank card. Rather in the way that DVD discs can be re-written.”
“If you’re right,” she had said, “then certainly the banks will need to be able to develop some sort of countermeasure to keep the system secure, but how will you be able to do that for them, when you don’t have direct access to their system?”
“I shall simply have to devise a way of getting into the system - that’s got to be my first step. Unless I know the system’s weaknesses, I can’t develop anything that will make the system stronger and more robust,” Robin explained.
He thought for a moment.
“What I really need,” he said, “is an unlimited supply of blank credit and debit cards that I can experiment with.”
“But you’ll never get those,” she protested.
“No, but I know how to get a couple, at least,” he replied. “I shall ‘lose’ mine, and apply for a replacement. That will give me one I can play with, having deleted all the relevant information, and if I could persuade you to ‘lose’ yours as well, that’s two!”
“I’m not sure this is right, or even legal,” replied a perplexed Marian. “But if that’s what you need, then I’ll do it for you.”
“Good girl - thank you,” said Robin, giving her a hug. “We shall be given different card numbers from those we ‘lose’, but the ATM machines don’t read any of the information on the front, so that won’t matter. The bank sort code will be on the magnetic strip, so that should copy across as well.”
He paused.
“What I shall have to do is to somehow programme my cards, so that they fool the ATM into believing that it is the same card that has just been used. In other words, that the first transaction has not yet been completed.”
“What I don’t understand,” said Marian, one day, “is how you will know you have been successful. Just supposing you do manage to use your card to get money out of a machine immediately after someone else has used it - how will you know the cash has been taken from that person’s account? You can’t very well ask, can you? And what will you do with the cash - keeping it would be stealing?”
“If my theory is correct, then there really is nowhere else the money could come from,” he replied. “But how about if I follow you? You would be able to tell if the money had come from your account, and I’d give it back to you.”
“That’s good,” she said. “Something else I can do to help. You could even follow yourself, so to speak, and put your re-programmed card in after you had used your proper one.”
“I had thought of that,” replied Robin. “The problem with us testing this using old cards of our own that we have ‘lost’, is that I must be absolutely sure that none of the original information remains on either the chip or the magnetic strip. One day, I shall simply have to conduct experiments using complete strangers’, and that will be difficult for all the reasons you can imagine.”
“Will you be working with Jim Farlow on this project?” asked Marian.
“Probably not,” replied Robin. “We’ll keep this little exercise to ourselves I think. But I’ll certainly need his help for the next step, if this succeeds.”
“And what’s that, may I ask? Developing a programme that prevents this type of fraud, I suppose.”
“That obviously is the next step,” replied Robin. “But there are also two other possible frauds I want to explore later, and I will need Jim’s help with that work.”
“Your devious mind!” laughed Marian. “What other ways of cheating the banks have you devised?”
“Well, in two ways, possibly,” he replied. “First of all, if I can programme a card that will allow me to take money from the last user of a cash machine, surely it should be possible just to take money from the machine itself without using other people’s details. I would need to be able to devise a system that triggered the cash dispenser while bypassing the PIN number and so on of the last user. If I can do that in some way, then I could just about unload a machine of all its cash. The hole in the wall would become a real hole in the bank’s security system.”
“Ingenious, and obviously if you can do it, then so could a criminal. So yet another counter-measure will be needed,” said Marian.
“Exactly,” said Robin with a grin, “and one which the banking industry should be prepared to pay handsomely for.”
“What other way did you have in mind, then?” asked his partner. “You said had thought of two other possible ways to defraud the banks.”
“Simply this,” replied Robin. “If it should prove possible to gain access to a bank’s computer system using a piece of plastic at a hole in the wall machine, then it should also be possible to do it remotely - by computer, from home.”
“Wow!” exclaimed Marian. “That really would be serious for the banks.”
“And it’s going to be a great deal more difficult, as well,” said Robin.
He walked to the phone, and pulled out his wallet.
“First things first,” he said. “I shall phone the bank and tell them I’ve lost my debit card.”
No sooner had he done that, than the phone rang. It was Rupert.
“Were you on the phone, or on the Internet?” he asked.
“On the phone, as a matter of fact,” replied Robin. “I was just getting the bank to send me a replacement debit card.”
“Lost it, then have you?” asked Rupert. “Now that’s a real blow,” he went on, without waiting for an answer.
“Why, or need I ask!” queried Robin.
“Well, since you ask,” replied Rupert, “Freddie and I were just saying that we both have the mother and father of all thirsts, but that we are both skint, so can’t do much about it. And now this.”
“Hard luck, isn’t it?” responded Robin, winking at Marian.
“I suppose the lovely Marian still has hers, doesn’t she, or is our luck really out? Don’t tell me she’s lost hers as well.”
“Not yet,” replied Robin, without thinking.
“Ah, good,” said Rupert. “Could you possibly have a word in her shell-like ear, and tell her that Freddie and I are on our way round, suffering from dehydration. I’m sure she would not want to turn away two dear old friends in such dire distress.”
“You really are a couple of bums, do you know that? But come, anyway,” replied Robin. “I could murder a pint myself.”
“Wonderful! What good sorts you are, both of you. Bear in mind that we are simply impoverished students, not inventing things all the time and earning a fortune. If it were me, as Freddie once said, I’d jack it in and get on with life. If you can earn good money without a degree, why bother with it. Oh, and by the way,” added Rupert, “we thought we’d bring Valya with us - just as a bit of female company for Marian, you understand. She’ll have Vodka, of course.”
With that, he put the phone down.
“What was all that about?” asked Marian.
“Freddie and Rupert are on their way with a thirst and no money,” he replied. “They’re bringing Valya with them as company for you.”
“Like hell they are!” said Marian. “They’re bringing Valya with them because they both fancy her, that’s why.”
“As a matter of interest, since she’s at your College and you see her quite a bit, have you heard how’s she getting on? She seems to me to be quite a mathematical genius, and understands computers as well. It might be useful adding her to my little enterprise at some stage.”
“She’s doing all right, I think,” replied Marian. “Seems to work very hard, although we don’t go to the same lectures, of course. But we get on very well, and often meet over a coffee or something. I gather her father is coming over from Russia for a visit soon, to see her. Apparently, he’s one of Russia’s top computer programmers - or so she says.”
“No wonder she’s so good herself - it obviously runs in the family. I must try to meet him when he’s over here.”
“I’m sure Valya will be only too pleased to fix it - you can talk about it this evening. Now I must go and do my face before they all arrive.”
With that, the doorbell rang.
Marian swore quietly.
“I shall only be a tick,” she said, “let them in, and keep them talking.”
“They’ll wait, don’t worry,” replied Robin. “Take as long as you like - you’re the one with the credit card, remember?”
***
Valya was taller than most Russians, with a statuesque figure and long, fair hair. Robin had only met her a few times, and could understand why his two friends took such an interest in her. If it hadn’t been for Marian, he might have taken a greater interest himself.
She had started at St. Catherine’s at the same time as Marian, and they had met on their first day at the college. They explored the place together, shared all the uncertainties of settling in to a new home and a new regime, and soon found they had quite a lot in common. Valya spoke excellent English, although with a slight American accent, acquired during a spell living in California while her father was working in ‘silicon valley’ for a giant US computer firm. Marian and Valya had become firm friends, although they saw less of one another since Marian had moved in with Robin. Nevertheless, they met whenever they could in the lively Middle Common Room. Valya was a popular student, especially among those doing the Russian elements of the modern languages syllabus, even though she was herself doing computer science. Here, at least, she shared a common interest with Robin and Rupert that was not shared with Freddie.
Somehow, they had managed to sit on either side of Valya, when they found a table in The Wheatsheaf, although nobody was quite sure why they had gone there rather than anywhere else. But it was handy for Ma Belle’s if they felt like something French for supper and if Marian’s plastic stretched that far.
Robin had only just returned from the bar with their drinks when Valya had to tell Freddie and Rupert, in the strongest possible terms but with a smile, to keep their hands to themselves.
“We regard it,” said Freddie, gravely, “as our duty as gentlemen to look after you. We could not bear to see any harm come to such a delightful but welcome visitor to our country.”
“It has become our life’s mission,” added Rupert.
“Very kind of you, I’m sure,” replied Valya, “but I don’t need to be held down. Keep your hands to yourselves and off my knees, or I shall sit between Robin and Marian!”
“Why don’t you do that anyway?” said Robin. “We can talk about computers, and things these morons don’t understand.”
“I don’t think we’d object to that would we Rupert?” asked Freddie. “We could still keep an eye on our guest, and make sure no harm comes to her!”
“It would also considerably improve the view, if you ask me,” said Rupert.
So they shuffled round.
Valya turned to Robin. “I met another member of your course the other day, at the Science Park. Chap called Jim Farlow, who said he knows you.”
“Certainly, we know one another well,” replied Robin. “A very clever mathematician, he is, and interested in much the same aspects of computer science as myself.”
“But are you friends?” asked Valya.
“In a funny sort of way, we are,” said Robin, “but I have to say he is a bit of an odd ball. Likes to keep himself to himself, and doesn’t mix much, if I’m honest. But he’s good company when you can get him away from his studies, isn’t he Marian?”
“Yes, he is,” agreed Marian. “Really a charming fellow when you get to know him, but I think he’s a bit conscious of his background. I gather his family doesn’t have a lot of money, and that he’s finding it a bit of a struggle here at Oxford - which I suppose is why he doesn’t go out much.”
“He should sponge more, like we do,” suggested Freddie. “That would get him out more often.”
“He’s far too nice for that,” joked Marian. “Not as brash as you two, by any means.”
“He has a conscience which you two lack,” said Robin. “His better nature wouldn’t allow him to behave like you and Rupert.”
“I think our conscience is quite clear,” said Rupert. “We just need to survive in a hard world, that’s all. When we start inventing things, like you do, we shall be more than happy to repay your kindness, just you wait.”
“Could be a long wait!” laughed Valya.
“Now that’s no way to talk about us knights in shining armour, who are only intent on safeguarding your best interests, young lady!” protested Freddie.
“It’s become our life’s mission,” said Rupert again. “Coming from Russia, as you do, you can’t possibly understand the risks you run in a place like this, and so it’s only right that someone should tuck you under their wing and take care of you.”
“It may surprise you to know,” added Freddie, “that there are chaps wandering about in this great city who would stop at nothing to get acquainted with a ravishing blonde like you.”
“And two of them are sitting across the table from you!” said Marian.
“Take no notice of these two prattling idiots!” said Robin to Valya. “But I’m interested to know why you should be here, rather than studying in your own country. I always understood that there were some excellent universities in Russia.”
“There certainly are,” responded Valya. “Indeed, my father is lecturing at one even now, although he’s not on their full-time staff, regrettably. But it’s a long story, why I came here rather than studying in my own country.”
“You lived in America, too, didn’t you?” queried Rupert. “You could have studied there just as well. I’m personally very glad you didn’t, of course,” he added.
“Leaving America is an even longer story,” sighed Valya. “My father will tell you about that if you meet when he is over here, but it has left him a very bitter man, I’m afraid, and he bears America an awful grudge as a result.”
“How sad,” said Marian. “You’ve told me a little of it, and obviously it was not possible for you to stay there as your father was leaving.”
“My father,” said Valya, “has had a very hard life, from his earliest childhood, and he really thought that finding work in America was the beginning of a happier future, but it was not to be. He will tell you.”
Valya plainly did not want to talk more about it, as it seemed to bring back painful memories for her.
“When is you father due to visit Oxford?” asked Freddie, being tactful for once.
“In about ten days,” replied Valya. “He is coming privately, really to see how I’m getting on, and he will not be lecturing.”
“I really must meet him,” said Robin. “He has a great reputation, even in this country, as one of the finest computer brains there is.”
“That can easily be arranged,” said Valya, “and I know he is keen to meet some of my friends here.”
“I suppose that rules us out of the equation,” said Freddie, ruefully.
“If only we lived in a bigger flat,” said Marian, “we could arrange a dinner party or something in his honour - or even offer to put him up.”
“We’ll have the dinner party, anyway,” announced Robin. “We’ll all go out somewhere.”
“All?” queried Rupert. “Does that include the two great spongers, by any chance?”
“Only if Valya is convinced that you are friends of hers.”
“And only if you keep your hands to yourself,” laughed Valya. “That’s a good idea of yours, Robin, and I’m sure my father would enjoy meeting you all.”
Which he eventually did, although Robin had insisted on meeting the great man before the dinner party, as there was a lot he wanted to talk about without Freddie and Rupert listening in.
***
Robin re-doubled his efforts to convert his old credit card into the new format he had designed. Knowing he was soon to meet the great Sergei Volkov, he spent every moment he could working on the project, often late into the night. He was soon ready to start trials, and fortunately Marian’s new card had also now arrived, so he was able to experiment with two rather than just the one.
“You know, Marian,” he said “there is one great problem with all this.”
“Only one?” she queried.
“I really meant one problem with conducting trials,” he replied. “We have to carry them out at a real bank in a real cash machine. However sure I am that my new system will work, that is the only way of being sure.”
“So?”
“So, if the trial doesn’t succeed, I run the risk of loosing the card. The machine will keep it, and there’s no way I can just wander in to the bank and ask for it back. And that means that when they do eventually get the card out of the machine, it will have my name and card number embossed on the front, so they will know who has been trying to interfere with their system.”
“But why can’t you just go in and ask for your card back?” asked Marian. “They are not to know why the machine kept the card, are they? If they should put it into the machine themselves or test it in some way, they will simply find that the magnetic strip has been wiped clean for some reason, won’t they? They will put that down to a fault in their AMT, rather than suspect you of anything illegal.”
Robin thought for a moment.
“You know, you could just be right. I must hope that the cash machine does return the card, but if it doesn’t, perhaps I can act all innocent and go in to complain.”
“And if they do keep the card to send it back for reprogramming, or something,” concluded Marian, “you still have your new, ‘real’ card, and my old one as a blank for further tests.”
“In that case,” said Robin, “I think I’m about ready to try this out. I’ve checked everything I can here - the time has come to see if I can get money out of a hole in the wall from someone else’s account. Yours!”
“Let’s go then,” said Marian.
It was early evening when they strolled into the City centre, and both felt quite nervous about their experiment. Fortunately, they both had accounts at the same bank, although at different branches. There was a branch at the Carfax, on the corner of the junction of four ancient routes into the centre of old Oxford. There were not too many people about, and nobody was queuing at the cash machine when they got there. As planned, Marian went first, and withdrew £15 from her account. Robin followed immediately, and inserted his specially adapted card. The screen did not ask him to enter his PIN number, as it should have, but simply offered him the menu options. He chose ‘cash with on-screen balance’, pressed the £10 button, and was told to wait - ‘we are dealing with your request’, said the machine. Marian was watching anxiously over his shoulder, as the machine issued two five pound notes, asked him if there was any further transaction he wanted, and, when Robin hit the ‘no’ button, returned his card to him. The screen thanked him for using the bank!
They turned away, and walked off in silence along the High Street.
“I need a drink,” said Robin.
They crossed the road, and went into The Chequers.
“Glass of wine?” he asked Marian.
“Can we afford it?” she responded, with a grin
Suddenly the tension was gone, and they laughed as Marian slipped her arm through his.
“It works!” she whispered, as Robin ordered.
“Large or small?” asked the barman.
“Oh, I think we could manage a large one, don’t you?” he said to Marian. She nodded, happily. “And a bag of chips, please,” added Robin to the barman. “Cheese and onion.”
As they settled with their drink, Robin said, “You know, I really can’t believe that worked so well, first time.”
“It certainly should have done - you spent enough time testing it out,” replied Marian. “I am so proud of you.”
“Well, you know what I have to do now,” said Robin.
“Develop a security system that prevents anyone else doing what you’ve just done, I suppose,” guessed Marian.
“Well, in time - yes,” replied Robin, “But first I need to see if this card will work at other banks, even those where the cash machines charge users who don’t hold an account there, and then I need to see if I can use it to get money from other people’s accounts. There’s no reason why not, but I need to be sure. I have to be able to demonstrate to the clearing banks what this card can do, and then show them the security system to combat the fraud - once I’ve developed it.”
“So we have more testing to do,” said Marian.
“Yes, we do, but it shouldn’t take us long. We can always deposit the money we take out in our tests, so that our accounts don’t take too much of a hammering!”
Marian frowned, and said, “You know, I’m uneasy about taking money from the account of a total stranger.”
“So am I,” agreed Robin. “But unless I let other people in on this, there’s no real option.”
“Perhaps we could trust Rupert and Freddie?” suggested Marian.
“They’re no use,” laughed Robin. “They’re broke, and I shouldn’t think we’d manage to get anything out of the bank using them! But perhaps I could try Jim a bit later. I shall soon need to take him into my confidence, as I shall need his help, but I think I need to develop the next stage first, if I can.”
“And what’s that? Remind me,” said Marian.
“That is using the card to take money from a cash machine without needing to use someone’s PIN number. It should be possible to by-pass that aspect of the system, and I think I may just know how to do it, but it will need a lot of experimentation. I shall effectively have to build the electronics of an ATM machine - I can’t use the real thing, for obvious reasons.”
“That could be difficult,” commented Marian.
“It certainly could,” Robin agreed, “but once I’ve copied the computer system which reads the information on cash and debit cards, then I should be able to develop a system which triggers the machine without needing any personal information. That will allow me simply to open the box, so to speak, and remove money from it.”
“As a matter of interest, has Jim been working on such a scheme?” asked Marian.
“Not to my knowledge. So far as I can tell, his interest is the mainframe computers banks use, and beating them. That will be the area I concentrate on next, and that’s where we can work together.”
“Let’s get back to the flat,” said Marian. “We could try a different bank on the way.”
“Good idea,” said Robin. “I’ll use my account this time - real card first and my home-made ‘token’ immediately afterwards. This should be fun!”
The bank they used did, in fact, make a charge for non-account customers, according to a notice on the machine. The amount withdrawn would attract a surcharge of £1, which would show up on the customer’s next statement.
Robin used his real card, and withdrew ten pounds. He then used his adapted card, and successfully took out another ten pounds.
“That’s great!” said Marian. “It seems to work in any bank machine.”
“It certainly should have done, and I’m very pleased,” said Robin thoughtfully, “but I will be interested to see if I have to pay the surcharge twice.”
During the days and nights that followed, Robin once again devoted his efforts to achieving the next stage of his battle to beat the cash machines. He had now told his tutor of his particular interest in improving the security of the banking world’s ATMs by first of all demonstrating how vulnerable to fraud they were. His tutor had agreed that it was an area worthy of study, so long as it did not distract him from his main degree syllabus. This support enabled Robin to use more of the University’s own computing capability, and meant that he was no longer restricted to using his own machines at home. The increased power and flexibility now available to him, both at Trinity and at the Computing Laboratory in the Keble Road Triangle of the University Science area, saved him hours of work, especially in the difficult task of replicating the workings of the ATM machines themselves. He was able, using his new found support from his tutor, to obtain a good deal of useful information about the machines from both the Internet and from the manufacturers themselves.
Marian supported and encouraged him as best she could, making sure he ate proper meals and got as much rest as he could, as well as keeping him on track to attend important lectures for his degree course. She had her own studies to attend to, of course, but spent as much time as she could with him at their flat.
“It’s such a pity you can’t get more immediate help with this,” she had said once. “Are you sure that Jim, or even Valya couldn’t help in some way?” she asked.
“Not yet,” he had insisted. “I am enjoying the challenge of cracking this myself, as I’m sure I shall soon, and I do now at least have the support in principal of my tutor and the use of the university’s facilities. But once I’ve discovered how to trigger the cash dispenser without inputting any personal data, then I shall certainly need Jim’s help to develop defensive mechanisms against my own development work, and to help with the next and far more difficult stage. I may then even ask Valya to work on part of that project with me - we shall have to see.”
Some time after that, Marian returned to their flat one evening after a lecture to find Robin was not at home. That had never happened before. There was no note from him, or any other clue as to where he might be.
Naturally, she was worried, but decided at first that there was nothing much she could do about it, so bustled about as usual preparing something for their supper. But she could not get her mind off the suspicion that something could be wrong - even something quite serious, perhaps. What if the strain of the past few weeks had suddenly proved too much for him? Suppose he had suffered some sort of breakdown after his days and nights of relentless work? Where could he possibly have gone? Where might he be? Was he all right? Did he need help?
Eventually, her worst fears were allayed when he bustled in