Community
It’s time to call time on the static PIN. We forget them too easily, they are too simple to guess, and – most importantly – they don’t really provide the security that both banks and customers need.
First, on average people forget their PINs every three months (source: 2012, A birthday present every eleven wallets? The security of customer-chosen banking PINs, University of Cambridge) – and given that some people never forget, it must be much more frequent in some cases.
Secondly, many people use “obvious” PINs, for example 1234 or the year they were born. They also change their various PINs so they are all the same. That’s far from secure and once compromised, the customer has a nightmare on their hands.
So far, so bad. But this is going to become much more important once the mobile wallet really catches on, as I fully expect it to do. Do most customers want to rely on a statis PIN to make significant money transfers from their mobile phone? And do banks want them to? Its likely that “full” PINs will be requested on devices that could well contain Trojans such as Zitmo.
For me, the most exciting thing about the new technology in this field is that we just don’t need static PINs any more. We can make mobile payments faster and safer without relying on a four-digit code that lots of people have written on a post-it note in their wallet, purse or on their desk.
The best authentication takes multiple, non-correlated data points, and puts them together almost instantaneously to prove, for example, that it is you accessing your bank account. Where your phone is (or is not) at that moment; the fact that it is your mobile phone; a memorable word or phrase; and, most excitingly, your own voice – each element adds another element of security, and taken together, they provide a far stronger method of real-time authentication than the humble PIN.
So yes, I look forward to a time when the PIN sounds as out of date as the cheque guarantee card.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Ugne Buraciene Group CEO at payabl.
16 January
Ritesh Jain Founder at Infynit / Former COO HSBC
15 January
Bo Harald Chairman/Founding member, board member at Trust Infra for Real Time Economy Prgrm & MyData,
13 January
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.