
Are PIN Mailers still the best way to distribute PINs?

Ever since banks started issuing credit and debit cards they also needed to supply customers with a PIN for cardholder verification purposes. These were for card usage at the ATM or POS terminal. The delivery method chosen was PIN Mailers.

PIN mailers hide the PIN number with scratch-off or peel-back panels that highlight any attempts at tampering. They are generally sent to the cardholder's address using the postal service. Sometimes couriers are used to counter mail-in-transit risks.

PIN mailers are used to advise the cardholder of the PIN to be used with a new card and for PIN reminders.

It seems that not much has changed in the process used by banks in the last 30 years.

But in the same time period so much else has changed.

  • Email is now a daily ritual for a large proportion of the population
  • Phones have gone mobile and smart
  • Text messaging is replacing calls and has even developed its own language
  • Online banking is making visits to bank branches a rarity

So I pose the question: are there better alternatives now available?

If so, what are these?

With customers looking for immediacy and banks always looking to reduce their costs perhaps the time has come for a change.

I look forward to hearing your thoughts and suggestions.

Comments: (11)

A Finextra member 27 June, 2013, 15:32

110% agreed with you. In fact, we have a solution for the same where we deliver the PIN through two channels after user verification.

We use Q&A with BI to figure out if the user is valid and then generate a complex PIN (based on the password policy)....

Most important, we do not deliver the PIN in a single channel... we split the PIN into 2-3 parts and then deliver it through multiple channels like email, SMS, voice call etc. at different points in time....

So there is no way any hacker can get the complete PIN.

I hope it supports your article and look forward to hearing more from you.
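The comment above does not say how the PIN is split, so the following is an added example, not part of the original comment or of any vendor's product. It compares cutting the PIN into digit chunks with additive sharing modulo 10 (a generalization beyond the comment), and counts how many PINs remain possible for someone who reads only some of the channels. Function names and the sample PIN are constructed for illustration.

```python
import itertools
import secrets

def split_by_digits(pin: str, channels: int) -> list[str]:
    """Naive split: consecutive digit chunks, one chunk per channel."""
    base, extra = divmod(len(pin), channels)
    parts, pos = [], 0
    for i in range(channels):
        n = base + (1 if i < extra else 0)
        parts.append(pin[pos:pos + n])
        pos += n
    return parts

def split_additive(pin: str, channels: int) -> list[str]:
    """Additive sharing: for every digit position the shares sum to the
    PIN digit modulo 10, and all but the last share are uniformly random."""
    if channels < 2:
        raise ValueError("need at least two channels")
    rand = [[secrets.randbelow(10) for _ in pin] for _ in range(channels - 1)]
    last = [(int(d) - sum(col)) % 10 for d, col in zip(pin, zip(*rand))]
    return ["".join(map(str, share)) for share in rand + [last]]

def combine_additive(shares: list[str]) -> str:
    """Recombine: add the shares digit by digit, modulo 10."""
    return "".join(str(sum(int(d) for d in col) % 10) for col in zip(*shares))

def pins_consistent_with_chunk(chunk: str, offset: int, pin_len: int) -> int:
    """Count PINs still possible after reading one digit-split channel."""
    return sum(
        1 for t in itertools.product("0123456789", repeat=pin_len)
        if "".join(t)[offset:offset + len(chunk)] == chunk
    )

def pins_consistent_with_shares(seen: list[str], channels: int) -> int:
    """Count PINs still possible after reading some additive shares."""
    pin_len = len(seen[0])
    if len(seen) == channels:
        return 1  # every share known: the PIN is fully determined
    # A missing share can take any value, so every PIN remains possible.
    return 10 ** pin_len

PIN = "4821"  # constructed sample value, not a real PIN
```

With digit chunks, each intercepted channel removes digits from the search; with additive shares, anything short of all channels leaves the full 10,000-PIN space.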

 

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 27 June, 2013, 17:17

Credit cards came into existence more than 50 years ago. Despite the progress of technology during this period, they're still around. Rightly or wrongly, card issuance still uses KYC norms that are centered around identity and address (and not mobile phone # or email address). As a result, it'd logically follow that conventional PIN Mailers, sent to the KYC'd name at the KYC'd address, would be the only legally valid approach. Besides, they work well and, compared to the alternatives, are free of friction for the average cardholder. I for one wouldn't want to go thru' different channels to assemble different pieces of passwords just to get to my PIN.

A Finextra member 01 July, 2013, 11:45

I completely agree with your blog. It is inconvenient, untimely and uncompetitive to continue delivering PINs via post. And, with today's technology, paper and spit are no more secure.

I like the above comment using multiple channels, although I would still rather the PIN be delivered as a whole, using the multiple channels to verify my identity. And I trust that banks would find that separating the PIN into multiple parts would clog up their call centres to no end. Consumers on the whole are just not that detail oriented.

I'd suggest using an encrypted PDF attachment to the customer's email address and then using two-factor authentication to decrypt it, part of which could be a hard token sent to a mobile phone. Banks tend to like using a 'something they have and something they know' strategy. With 256-bit encryption, it would take hundreds of years for a hacker to crack into a document such as this and they would still need the physical card to take advantage of the detail within if they were still alive. Not practical from a large scale fraud perspective.

Thanks for the interesting post!!

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 08 July, 2013, 12:35

@Finextra: Are detailed company-specific pitches now allowed on your blog posts / comments?

Matt White - Finextra - Toronto 08 July, 2013, 13:19

No, Ketharaman, they're not. 

Patrick, I've deleted your comment. Please stick to the community rules.

A Finextra member 09 July, 2013, 12:45

I apologise if I overstepped the mark with my initial post.  However, I agree with Mark and many others that the topic of PIN mailer replacement receives far less attention than it deserves.

 It seems to me that we’re way overdue for banks to offer alternatives to the slow and insecure PIN mailer. The benefits of electronic distribution are considerable. They include significant cost savings and management efficiencies for the issuer and immediacy of availability and greater security for the card holder.

 Actually I feel bad that we, as an industry, have taken so long to produce such an alternative!

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 09 July, 2013, 13:34

Actually, the industry is way off from coming up with compelling alternatives for many even more critical paper-based items: cash (its use is rising), cheques (UK government canceled abolition of cheques even by 2018), bills (ebills have less than 30% penetration), plastic cards (where are the mobile wallets?), and so on. PIN Mailers will have to wait their turn!

A Finextra member 10 July, 2013, 11:09

Alas, whatever new method of delivery is considered, the fear of interception is ever present. Via mobile - SIM swap, email - phishing/other nasties, even post with mail intercepts. In branch registration - only if they are open 24/7.

In theory this is where contactless wins hands down, but until you can pay for that party food you need for the weekend on a single tap/hover, it will remain a nice to have.

How about something completely sci-fi?! Everyone has an implant that is linked to everything they require to make a payment. The card itself has something that is configured to that implant and will only work when in extreme close proximity to the user. They only stop working when there is no sign of life... ok it's way out there. But as I said at the start, everything else just carries with it seemingly easy ways to get at the information.

Mark McMurtrie - Payments Consultancy Limited - Woking 12 July, 2013, 11:09

Thank you for the various comments made on this blog so far.

My view is that as an industry we should be moving to electronic PIN delivery as an alternative to paper-based PIN mailers.

Just because there are many new payment technologies and challenges, this is not a reason for banks not to make the first steps.

Consumers should be offered choice and this can include current and new PIN delivery options. Banks are often criticised for providing poor customer service. Electronic PIN Delivery is a small way to show they are looking to serve customer needs better.

The banking industry knows how to deliver secure banking services and these can be applied to PIN delivery.

Early adopters of electronic delivery can establish competitive advantage.

I hope to learn of many implementations soon.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 12 July, 2013, 11:45

I'd love to hear about any adopters - early or late - of electronic PIN delivery achieving competitive advantage. 

A Finextra member 20 July, 2013, 07:00

I suggest the same as Mark mentioned above: we should be moving to electronic PIN delivery as an alternative to paper-based PIN mailers.

I'd suggest sending an email notification to those customers who want to generate the PIN number. Once the customer completes the few security questions and is verified by the system, the bank sends the PIN number to the customer at the right moment in encrypted format.

In any manner we need to overcome this old school system (physical PIN mailers). So my vote goes to Epin mailers.

Thanks for the interesting and great thinking post.

Mark McMurtrie, Independent Consultant, Payments Consultancy Limited, Woking

This post is from a series of posts in the group: Payments strategies 2015-2020-2030