On Thu, 3 Sep 2009 11:32:10 +0100
Paul Terry wrote:
No, there is no simple formula involved. The data is strongly encrypted
using three independent keys and the PIN can only be regenerated by a
specialist machine that decrypts both the original security number and
the offset used by the customer. It then outputs the PIN to a security
envelope. The only way for a member of the bank staff to see the PIN is
to open the envelope before it is posted, which is why customers are
always warned to check that the envelope has not been tampered with
before using their PIN.

I'm sure thats what they put in the sales brochure but reality in these
places its usually a little different. When I worked in the "priviledged"
customer dept in a well known bank a few years ago the supposedly secure
customer details were couriered arround the country on unencrypted floppy
disk and tape. Presumably someone thought that was more secure that
transfering over a dedicated T1 line. Or they were just insane, take your
pick.

B2003