Lachlan Gunn - BenAlpin Ltd - Perth 29 April, 2010, 14:10 0 likes

It seems that every card issuer assumes that their card is the only one in a consumers wallet!  Isn't this one of the great ironies of the system?  We are told not to write down our PINs, and yet also NOT to use the same PIN for more than one purpose.  Well if you have several internet and phone banking relationships, and several cards, all with different PINs, how can you not write down a PIN?  It's impossible for most of us to remember all of our PINs without recording them in some way...........isn't it?  Yes we should take every reasonable step to protect our PINs - but we also need to remember them.

Stanley Epstein - Citadel Advantage Group - Modiin 30 April, 2010, 15:55 0 likes

It's all very well to suggest that one commits ones PIN to memory and does not write it down. But whoever came up with this sage piece of advice is assuming that the user has a single bank card and absolutely nothing else in the way of a PIN or password. Either that or they are oblivious to reality. The plethora of rules and restrictions, especially in the construction of PINs which varies from institution to institution has already sown the seeds of confusion. Just assume that card "A" requires a 4 digit PIN while card "B" demands a 6 digit PIN and that in neither case are any sequential digits allowed. Then throw in card "C" which has a bank allocated 5 digit PIN. Three cards and we already have confusion. Add to this mix the fact that one may have Internet access to all three institutions and that each demands a different user name and password, often consisting of a combination of digits and letters and which has to be changes on a regular basis. No way can I personally function on memory alone. And that is the reason why my list of PINs, Passwords, Access Codes and the like which enables me to run my life is five pages long. It's time we each have a universal unbreakable PIN that works for everything.

John Dring - Intel Network Services - Swindon 04 May, 2010, 09:11 0 likes

Call me cynical, but isn't it almost in the interests of the banks to leave this loophole open to them?  Its a catch 22 - to be crystal clear with authentication and non-repudiation, a PIN is black and white.  Much easier for a bank to judge than a physical signature for example.  But to have even a few PINs means you must must some kind of note, log, system to record them somehow, and thereby provides the banks with a possible exit from liability in cases where they might really need it.  Much easier to claim you have written down your PIN and invalidated any protection on the resulting transaction, than prove that they never expose your PIN internally for example.

I wonder what the law would say about PIN reminders and hints?  Is that OK? (e.g. my favorite month and the year my dog died??)