Blog article
See all stories »

How many PIN codes you can remember?

Every time I get new service or new card, I get new user name and new PIN code. As it is written in many data security manuals, never store your codes next to computer, mobile device or similar places, where it can be found. it is also written that newer use same user names or passwords to different places.

Problem is that I will forget passwords and user names. Especially when not using service every week. Like my third credit card, haven't used to many times and have no clue what is PIN code for it.

I have seen some new innovations where I can store all my valuable information and use is while browsing online. It can be like online master vault for usernames. But it works only partly. For example if I register to that system using my company email address and then move to another company, I have no access anymore to receive those old emails. Or if I use my current gmail- address, do I really trust that it is not hacked.

Some time ago I started to think if only one PIN code I have created could be part of my solution. Under that PIN code I could store all my other PIN codes, account numbers for direct debit, e-invoice address, phone numbers etc. When I need my information for example accepting new SEPA Direct Debit payment with merchant, I fill out my information to online platform, add my PIN code and then use verified online method. When I am identified with my e-card ID or similar method, same time another request is send to one common server, where my PIN code is verified with my given bank account number. These informations are provided same time to merchant, but merchants information is send to my bank to notify that this merchant will soon debit my account.

Or this could be used to shop online. Instead of giving my card number or my card PIN number, I just give my own created PIN code and I am verified same way as required by Visa/ Mastercard secured solution. When everything is OK, merchant will get my card information, but my bank would get information that this merchant will debit my account soon.

With this system, there would be two layers of security, but same time end users would have easy way to purchase or do business online.

Of course, who will control this master data base with all the information I have given? That is the big question.

5448

Comments: (4)

Michael Wright
Michael Wright - Striata | Secure Document Delivery - London 08 June, 2011, 09:50Be the first to give this comment the thumbs up 0 likes

Hi Antti,

Your last line is the most pertinant, "who will watch the watchers" is always the biggest question.

I think that the concept that you are describing has been envisaged by many security start-ups. The problem is critical mass for one solution to become the dominant one - in a market where the entry price for new ideas and software is "free".

In my world, one the major reasons the adoption of eBilling is so low is that people can't remember a different username and password for each eBilling website. We advocate the use of encrypted attachments sent by email - effectively using the users inbox as one factor and a shared secret as another. Security architects understand that it's not perfect but it's very practical.

regards

Michael Wright - CEO | Striata

A Finextra member
A Finextra member 08 June, 2011, 10:07Be the first to give this comment the thumbs up 0 likes

Michael,

thanks for comments. Idea itself is good but it has to run by trusted third party, where banks, mobile operators, credit card companies and finally customers trust. No start up firm get that reputation. Only company I could think to handle this job is SWIFT.

What comes to eBilling, I have a problem when some of my eBills are in emails as PDF form, some are online portal and some are inside my online bank, which is handy as long as I don't change bank.

What would be nice to use e-invoice to order something. Then I would be verified same method as Mastercard/ Visa are using when shopping with 3D- security level and then I would be billed with my e-invoice. That e-invoice then would come to service I would like to get all e-Bills. That could be email account, that could be my home online bank or one portal. 

Michael Wright
Michael Wright - Striata | Secure Document Delivery - London 08 June, 2011, 11:24Be the first to give this comment the thumbs up 0 likes

The interesting thing about what you describe is that you wish to have flexibility in the format of your eBills. Your personal choice could be an internet banking portal - yet someone else may wish to use their inbox.

What this requires is the adoption of an eBilling address space - something that has been the topic of discussion in eBilling and e-Invoicing circles for a while.

Using a dedicated email address for your ebills would allow you to route these type of communications to a specific inbox. Billers can email the documents (probably in multi-layered PDF fromat) very simply.

At the same time you may decide to route some bills to your internet banking bill manager - by giving the biller a dedicated email address for your banking portal (i.e. accountnumber@bankname.com). Again these bills can be emailed to that address (or transfered in bulk by FTP) in multi-layered PDF and the bank can read the XML data and display the bills appropriately.

Consumer eBilling needs to find the address space that will work in all situations and that can start now and scale as people move from paper to electronic document delivery.

Michael Wright - CEO - Striata

A Finextra member
A Finextra member 08 June, 2011, 12:14Be the first to give this comment the thumbs up 0 likes

Micheal, you are correct. End user should always decide where they get their bills. If you compare to current paper world, all my bills drop to same mail box every day. I don't have to fetch my bills from different places, like today it is required among e-bills.

E-bill address, which I can always remember should be nice. Your idea with account number@bankname.com is one option. Nordic SEPA based way too long account is just too complicated, even it goes straight thru to my online bank. For this reason I have been thinking to create PIN code, which is linked to my account or my email address. Giving this PIN code to merchant then would give me access to receive my bills to the place I would like to get and pay. Is it my email box or my online bank, that is up to me where I get my bills.

 

Retired Member

Member since

19 Mar 2009

Location

Blog posts

6,066

Comments

6,309

This post is from a series of posts in the group:

Payments strategies 2015-2020-2030

Payments systems visions, strategies, trends, pilots, forecasting, and planning for the short-, medium-, and far-term.


See all