The ins and outs of PINs

As long as personal identification numbers (PINs) exist, they will continue to be a target for criminals. The Payment Card Industry (PCI) Security Standards Council continues to update the PIN Security Requirements to enhance usability and understanding by stating the requirements in a more granular manner. And though security has been enhanced with the recent switch to the new EMV chip, PIN safety standards are still as important as ever. Which of the recent PIN security requirements are most relevant to your institution?

To understand the PIN safety standards of today, let first back up a bit to the very first PIN, which came along with the introduction of the first ATM back in 1967 at Lloyds Bank in London, England. The inventor of the ATM envisioned six-digit PIN numbers, but found that many people could only remember four. Longer PIN numbers would seem to be safer, but in fact, they turn out to be less secure, because with 7-digit PINs, many people would just end up using their phone number, and with 9-digit PINs, people tend to use either their social security number, or the always popular 123456789.

Despite the limitations of PIN numbers, they remain in common use. And their use has become even more common now away from the relatively secure ATMs at financial institutions; we now seem pin usage at unattended point of sale machines, such as a self-checkout at your local grocery store.

continue reading »

More News