16

Everyone knows about the sure thing retirement strategy that is the Superman 3 exploit, but is there a way to exploit bankers' rounding to grab some of the less than half pennies "floating around out there"?

Specifically, assuming that the internal accounting cannot be tampered with like in Office Space, can transactions be formed within certain constraints to recover the rounded-off portions?

Peter Mortensen
Jim Bob
  • 5
    I believe such an attack is called [salami slicing](http://en.wikipedia.org/wiki/Salami_slicing). – Anko Dec 01 '14 at 16:21
  • And if you can, be sure not to goof up the formula like they did in Office Space... – Michael Dec 01 '14 at 17:25

2 Answers

14

In fact it was exploited (on a low scale) in Germany before the Euro cash was introduced. The scheme worked like this:

Create two accounts, one already in Euros, the other in Deutsche Mark.

Transfer 0,01 DM to the Euro account, it is rounded up to 0,01 Euro

Transfer 0,01 Euro to the DM account, it is rounded up to 0,02 DM

A school class made some press headlines earning a few hundred Euros this way.

Of course, a transaction fee by the bank immediately destroys such schemes.

jk - Reinstate Monica
  • 1
    Thanks, I corrected it. --- BTW, the precise rules for transforming the old currencies into Euros (and back ...) were prescribed by the lawmakers. They didn't study mathematics, as one can see. – jk - Reinstate Monica Dec 01 '14 at 11:21
  • @Clockwork-Muse Sorry - mixed up my numbers: Assume course: 0.01 EUR = 0.016 DM therefore 0.01 DM = 0.00625 EUR. With Bankers rounding: 0.01 EUR = 0.02 DM and 0.01 DM = 0.01 EUR. And thus we can double money (with any common rounding, because bankers is only special for .5) – Falco Dec 01 '14 at 12:40
  • 3
    @Clockwork-Muse I think you are misinformed see Wikipedia:Rounding or http://c2.com/cgi/wiki?BankersRounding - they all describe it the same .1,.2,.3,.4 always get rounded DOWN, .6,.7,.8,.9 always get rounded UP and only .5 is rounded towards EVEN NUMBER! – Falco Dec 01 '14 at 13:20
  • @Falco - Hrm, you're right. Seems I misread it. – Clockwork-Muse Dec 01 '14 at 13:41
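
The round trip described in the answer and in Falco's comment, as an added example that is not part of the original posts: it audits a conversion rule for amounts where DM -> EUR -> DM creates money, then shows the effect of a per-transfer fee and of a relative rounding limit. The rate is the one assumed in the comment (0.01 EUR = 0.016 DM); the flat fee in DM and the `guarded_to_eur` control with its 1% threshold are hypothetical.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")
# Assumed rate, taken from the comment above: 0.01 EUR = 0.016 DM.
DM_PER_EUR = Decimal("1.6")

def _round(x):
    # Banker's rounding to the smallest unit (cent / pfennig).
    return x.quantize(CENT, rounding=ROUND_HALF_EVEN)

def to_eur(dm):
    return _round(dm / DM_PER_EUR)

def to_dm(eur):
    return _round(eur * DM_PER_EUR)

def round_trip_gain(dm, fee_dm=Decimal("0")):
    """Net change in DM after DM -> EUR -> DM, with a flat fee per transfer."""
    return to_dm(to_eur(dm)) - dm - 2 * fee_dm

def audit(max_pfennig, fee_dm=Decimal("0")):
    """Amounts up to max_pfennig for which the round trip creates money."""
    amounts = (n * CENT for n in range(1, max_pfennig + 1))
    return [a for a in amounts if round_trip_gain(a, fee_dm) > 0]

def rounding_gain_ratio(dm):
    """Value added by rounding on DM -> EUR, relative to the exact result."""
    exact = dm / DM_PER_EUR
    return (to_eur(dm) - exact) / exact

def guarded_to_eur(dm, max_ratio=Decimal("0.01")):
    """Hypothetical control: refuse conversions where rounding adds over 1%."""
    if rounding_gain_ratio(dm) > max_ratio:
        raise ValueError(f"{dm} DM: rounding gain above {max_ratio}")
    return to_eur(dm)

if __name__ == "__main__":
    print(audit(10))                          # amounts that gain with no fee
    print(audit(10, fee_dm=CENT))             # same audit with a 0.01 DM fee
    print(guarded_to_eur(Decimal("100.00")))  # ordinary transfer passes
```

Because rounding moves an amount by at most half a cent, the 1% limit only ever refuses very small transfers (below 0.80 DM at this rate).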
5

A lot of checks go into critical functions such as transaction processing. Tests are run to ensure compliance with ACID (atomicity, consistency, isolation, durability) properties. Such code also goes through multiple rounds of code reviews and audits before deployment. While not impossible, it is very difficult to slide in a code segment undetected.

In Singapore, from what I have observed, there are a number of major banks that are still running their transaction processing systems on mainframes. The code was written in COBOL in the 70s or 80s and has probably never been touched since. To pull off something like this, you would need knowledge of archaic systems/languages which few people in this generation have.

Even if you manage to pull it off, it would be difficult to retrieve the money. It can't go straight into your account because your account would be flooded with millions of transactions which would definitely set off a red flag. Aggregating the leftovers will also cause problems. There are likely to be processes in place which identify suspicious activity (e.g. money laundering, fraud) which would pick up on the transaction.

limbenjamin
  • I doubt the school class mentioned by jknappen needed (or had) source code level access. – user Dec 01 '14 at 14:21
  • 1
    Agreed, however Jim Bob was looking at a sum large enough for a "retirement strategy". I doubt those few hundred euros are enough for him to hang up his boots and call it a day. – limbenjamin Dec 01 '14 at 14:25