by jeremyjh 4796 days ago
>If an ATM is disconnected from the network and when the partition eventually heals, the ATM sends a list of operations to the bank and the end balance will still be correct.

I don't think so. I support ATM client software for a large bank in the US and we certainly don't do this. This may be true for "remote" ATMs that are installed in convenience stores on POTS. I can't say I've ever actually heard of it though - the main problem with this idea is that cards cannot be authenticated without network access, and just spewing out money to every piece of plastic calling itself a card when your network connection has been dropped isn't really a recipe for success. Fraud is a real problem.

The ATM client software I support cannot do any transactions without a connection with its authorization system. That authorization system though, can stand-in for the various accounting systems and external networks up to pre-defined limits. So for example if for some reason we can't reach the checking account system we'll authorize up to $xxx total for the day on a stand-in basis. The transaction with the authorization system is definitely ACID; the ATM will not get a response code authorizing a withdrawal unless the transaction has been recorded in the authorization system. The account system may well be caught up later. The funny thing is, ACID is a property of individual database systems and it has absolutely nothing to do with a question of whether two separate ledgers are guaranteed to be changed together or not at all. That would be the job of a distributed transaction coordinator - and those really are not used very much in banking. Instead there is a protocol of credits and debits and a settlement process to work out the exceptions. Maybe this is what the article was trying to say up to a point but they sort of confused the issue between the point of view of the ATM and the accounting systems of record.
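The stand-in flow described in the comment above, sketched as an added example that is not part of the original thread and not any bank's code. The class names, the SQLite log and the 200 limit are assumptions; it shows a locally ACID authorization log, a capped daily stand-in exposure, and a later settlement pass that surfaces the exceptions.

```python
import sqlite3

class AccountSystem:  # toy system of record (hypothetical names throughout)
    def __init__(self, balances):
        self.balances = dict(balances)
    def debit(self, account, amount, force=False):
        if not force and self.balances[account] < amount:
            return False
        self.balances[account] -= amount  # force=True may leave it negative
        return True

class AuthorizationSystem:
    def __init__(self, stand_in_limit):  # the "$xxx" limit; value is assumed
        self.limit = stand_in_limit
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE auth_log (id INTEGER PRIMARY KEY, account TEXT,"
                        " day TEXT, amount INTEGER, stand_in INTEGER, settled INTEGER)")
    def authorize(self, account, day, amount, accounts):
        """Approve only after a local commit; accounts=None means unreachable."""
        stand_in = accounts is None
        if stand_in:
            used = self.db.execute(
                "SELECT COALESCE(SUM(amount), 0) FROM auth_log"
                " WHERE account=? AND day=? AND stand_in=1", (account, day)).fetchone()[0]
            if used + amount > self.limit:
                return False  # daily stand-in exposure would exceed the limit
        elif not accounts.debit(account, amount):
            return False  # online path: the account system declined
        with self.db:  # local ACID commit; no coordinator spans both ledgers
            self.db.execute("INSERT INTO auth_log VALUES (NULL, ?, ?, ?, ?, ?)",
                            (account, day, amount, int(stand_in), int(not stand_in)))
        return True
    def settle(self, accounts):
        """Post pending stand-in debits; return accounts left overdrawn."""
        rows = self.db.execute(
            "SELECT id, account, amount FROM auth_log WHERE settled=0").fetchall()
        with self.db:
            for row_id, account, amount in rows:
                accounts.debit(account, amount, force=True)
                self.db.execute("UPDATE auth_log SET settled=1 WHERE id=?", (row_id,))
        return sorted({a for _, a, _ in rows if accounts.balances[a] < 0})

def demo():  # constructed sample data
    accounts, auth = AccountSystem({"alice": 150}), AuthorizationSystem(200)
    results = [auth.authorize("alice", "d1", 100, accounts),  # online
               auth.authorize("alice", "d1", 120, None),      # stand-in
               auth.authorize("alice", "d1", 100, None)]      # over limit
    return results, auth.settle(accounts), accounts.balances["alice"]
```

The overdrawn list returned by `settle` is the exception queue: the authorization log and the account ledger only agree after that pass has run.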

9 comments

> just spewing out money to every piece of plastic calling itself a card when your network connection has been dropped isn't really a recipe for success.

Well they do this in Australia... http://www.news.com.au/money/banking/computer-glitch-hits-cb...

> "People were running past me screaming 'Free money! Free money!'," Punchbowl Pharmacy manager Feriale Zakhia said of the people using a nearby ATM.

> "Everyone was so happy. They were running around with huge smiles."

> [A technical problem] forced the bank to put all of their ATM machines into offline mode. Customers had no access to their account balance but were still able to withdraw money - more than their accounts held.

> Those withdrawal limits are up to $2000 a day for holders of keycards and debit Mastercards.

> "No one has received free cash," Mr Fitzgerald said. "What they've done is overdrawn their accounts. We will be following those people up and recovering that money."

Leaving aside the fact that I wouldn't trust a newspaper for the technical details of something like this, nothing in the article contradicts what jeremyjh said.

In that case, the ATM was disconnected from the accounting system and allowed withdrawals up to a set limit ($2000), but it (probably, the article is unclear) was still connected to the authorization system.

It (probably) still checked your PIN, and checked whether your card had been cancelled, etc. It just didn't connect through to check your balance.

As Jeremy said if for some reason we can't reach the checking account system we'll authorize up to $xxx total for the day on a stand-in basis

In this case some reason == "[A technical problem]" and xxx == $2000

Which in turn agrees with the point of the original article. ATMs use BASE not ACID as it's more profitable to be available.

Those humungous overdraft fees will definitely be profitable :)

BTW I've been scammed out of money by ATMs before - money was withdrawn from my account but some system jammed and I didn't get the money - and the bank was awfully uncooperative.

So far I've had more luck with the "money under the mattress" method than with banks - and I wasn't trapped in the "Corralito" or other bank-aided money-stealing schemes

http://en.wikipedia.org/wiki/Corralito

I see that you are from Uruguay, were you in Argentina at Corralito's time? ITT Uruguay is more trustworthy in banking terms.

Uruguay had a smaller Corralito (and I was just starting out at the time, so I had no money in the bank).

Ecuador and Brazil also had their own versions. In the Uruguayan version, they didn't forcibly exchange the money, but they froze all bank assets for 3 years (losing out on interest, investment opportunities, exchange rates, etc...).

Uruguay is more trustworthy (especially with foreign investment) but it's not above such things.

Currently there's a big scare due to the huge exchange rate disparity with Argentina - which has an "official" exchange rate and a "real" exchange rate which is almost double the official one, and makes Uruguay non-competitive.

Edit: you're from Argentina, that's obviously not news for you :)

Reading this, it doesn't sound like you said anything different. Sure, it isn't the ATM itself that makes the decision, but the authorization system can still step in and allow a transaction that is not committed to the actual account's log.

I'm sure that, under the hood, there are a lot of ACIDic transactions going on, but, stepping back, it still looks pretty BASEic. When I hit "withdraw $200", there is no guarantee that my actual account has a transaction commit for that amount. Instead, there may just be a log message saying "SoftwareMaven withdrew $200".

Yes and I acknowledged this at the end of my comment I think.

I don't really think it is useful to try and use the terms ACID/BASE to refer to the aggregate process behavior of an entire industry's technology. Not that it is wrong, it just really doesn't mean anything at that point. Most data interchange that takes place between thousands of different parties is going to have similar characteristics. Maybe a market/exchange is a good counter-example but I can't think of many others.

That's smart, but what he's saying is plausible. First of all significant parts of the world use chip-and-pin cards that can authenticate the pin locally. Not that they are hack proof by any means, but considerably better than mere magnetic strips like we still have here in the US. Moreover, if the offline mode is ephemeral and unpredictable, then it's less prone to exploitation. Again, not immune and not the safest thing for an ATM vendor to support, but the overall fraud risk could conceivably be within their comfort zone.

An offline mode might be ephemeral and unpredictable as a natural occurrence, but should be pretty easy to create...

I think you're missing the forest for the trees here. The point of the article is not the specific semantics of ATMs, but rather the whole system of banking and how it accounts for CAP theorem.

> the main problem with this idea is that cards cannot be authenticated without network access, and just spewing out money to every piece of plastic calling itself a card when your network connection has been dropped isn't really a recipe for success. Fraud is a real problem.

I believe some of the first ATMs actually worked offline (the PIN was encoded on the magnetic stripe), but networked models came out a few years later. Of course, this was in the late 1960s, when card readers (and the expertise to use them) were far harder to obtain.

> Instead there is a protocol of credits and debits and a settlement process to work out the exceptions.

Exactly--the ecosystem as a whole is BASE, but the individual systems are ACID, and the "eventual consistency" aspect is implemented as first-class logic in applications/processes.

I think BASE is a good ecosystem-level principle, but when it gets into datastores, then each individual system doesn't know what its true opinion of the world is, much less how it can effectively coordinate with other similarly potentially confused systems.

With any significantly complex architecture, there are many ways of being off-line. You may be unable to check a balance, but able to validate a PIN, or unable to make a transfer, yet perfectly capable of doing every other transaction. In that situation, if you can validate the PIN without being able to check the balance and you know this type of card is issued to clients with a certain overdraft limit, it's safe to clear the transaction and just tell the backend it happened when all remote functions are back online.

Pretty much all POS systems have the ability to work in offline mode. The vendor can set the offline transaction amount to whatever they want, including disabling it. Typically, it is set to $75. If you go to a convenience store and they say "the system is slow today.. but it works", now is your chance to get away with < $75 worth of crime.

Source: I am a former software engineer for a credit card transaction system vendor.

It certainly appeared that way to me as well. Although I don't really use ATMs much today, it used to be a fairly regular occurrence to arrive at an ATM then have to find the "next closest ATM" due to the machine having connectivity problems.