Have you ever used a 2FA code? Its a similar mechanism to that.
Essentially, both the bank and your card have a shared secret number - the bank sets this up when they issue you your card. You can think of it like a key that only the two of you have.
When you put your card into your card reader and enter your pin, you're asked to enter something like a confirmation code, like the account number you're trying to transfer money to. The card reader can then combine the secret number on the card with that confirmation code, which you then give to your online bank to give the output. The online bank can then check that output number - since it also has your secret number! But no one else without that secret number can perform that calculation!
The details of exactly how this works is a bit tricky, since cryptography gets mathy fast, and requires lots of other proofs of other useful properties, e.g. protecting against using the same output code twice, etc.
nihizg t1_iwzr876 wrote
Reply to ELI5 How do card readers for online banking work if they are not connected to the internet? by Koopatrillion
Have you ever used a 2FA code? Its a similar mechanism to that.
Essentially, both the bank and your card have a shared secret number - the bank sets this up when they issue you your card. You can think of it like a key that only the two of you have.
When you put your card into your card reader and enter your pin, you're asked to enter something like a confirmation code, like the account number you're trying to transfer money to. The card reader can then combine the secret number on the card with that confirmation code, which you then give to your online bank to give the output. The online bank can then check that output number - since it also has your secret number! But no one else without that secret number can perform that calculation!
The details of exactly how this works is a bit tricky, since cryptography gets mathy fast, and requires lots of other proofs of other useful properties, e.g. protecting against using the same output code twice, etc.