25 August 2016

Retired Member

What are the most common PINs?

12 August 2013  |  2536 views  |  4

How much thought do you put into your PIN? Is it someone’s birthday? Your vital statistics? You would think that people would try to protect their bank account balance or credit limit to the best of their ability, but you’d be surprised. A startling number of consumers still put little effort into determining a PIN. 

Recent research [Data Genetics] confirms the fact that many consumers choose easy combinations or number patterns which are an open wallet for fraudsters. In fact, with just three combinations, they could swoop into nearly 20% of accounts and clean them out.

The result? A fraudster doesn’t need to be Dynamo the magician to gain access to a significant haul. In the end, banks are typically the ones footing the bill for the crime. Rather than take the hit, shouldn’t we be finding new ways to encourage customers to create less obvious PINs?

Banks already recognise the importance of secure PIN creation and invest significant time and effort in communicating this to the customer. Unfortunately the advice seems to be falling on deaf ears. In order to get this message through to their customers and close the loophole, they’ll need to take a different tack. Banks should devise alternative ways to hammer the message home, look at more sophisticated authentication methods to keep the fraudsters at bay and perhaps block the use of those three “magic” numbers.
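
As an added example (not part of the original post, and not any bank's actual rule set), here is one way a PIN-change service could refuse obvious choices at the moment the customer picks them. The function name, the reason labels, the date layouts and the sample customer record are all assumptions made for illustration; the post does not say which three PINs it has in mind.

```python
from datetime import date

def _date_forms(dob, length):
    """PINs of the given length that can be read off a date of birth."""
    d, m = f"{dob.day:02d}", f"{dob.month:02d}"
    y, yy = f"{dob.year:04d}", f"{dob.year % 100:02d}"
    forms = [d + m, m + d, y, m + yy, yy + m,        # 4-digit layouts
             d + m + yy, m + d + yy, yy + m + d]     # 6-digit layouts
    return {f for f in forms if len(f) == length}

def pin_rejection_reasons(pin, dob=None, postal_code=""):
    """Return the reasons a customer-chosen PIN should be refused ([] = accept)."""
    if not (pin.isascii() and pin.isdigit() and len(pin) in (4, 6)):
        return ["format"]
    reasons = []
    if len(set(pin)) == 1:                           # 5555, 333333
        reasons.append("repeated_digit")
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):                          # 1234, 4321, 7890
        reasons.append("sequential")
    if dob is not None and pin in _date_forms(dob, len(pin)):
        reasons.append("date_of_birth")
    digits = "".join(c for c in postal_code if c.isdigit())
    if pin in digits:                                # PIN is a slice of the ZIP
        reasons.append("postal_code")
    return reasons

# Constructed customer record, for illustration only.
SAMPLE_DOB = date(1985, 3, 14)
SAMPLE_ZIP = "90210"

if __name__ == "__main__":
    for candidate in ["1234", "5555", "1403", "9021", "123456", "8352"]:
        print(candidate, pin_rejection_reasons(candidate, SAMPLE_DOB, SAMPLE_ZIP))
```

Returning the reason rather than a bare yes/no lets the PIN-change screen tell the customer why the choice was refused, which matters if the aim is to get the message through rather than just block the attempt.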


Comments: (6)

Brett King - Moven - New York | 12 August, 2013, 18:02

Matthew,

I worked extensively on two-factor authentication models for large banks like HSBC and others, and what we found was that the more you try and make a system secure, the less secure it becomes because, due to memory load, consumers find workarounds that are increasingly unsafe.

To illustrate - you put two PINs on a card instead of one, and people will try to use the same PIN, or write down the second PIN on their card because of the memory load.

The solution is not more complex passwords or enforcing stricter rules, but as you've pointed out more sophisticated authentication methods that don't require memory load (i.e. Biometrics).

Brett King, BANK 3.0 

Jonathan Rosenne - QSM Programming Ltd. - Tel Aviv | 13 August, 2013, 04:25

Customer selected PINs are a disaster. There exists better research, based on actual cracked PINs rather than passwords, where the results are different though similar. The most common PINs were 1234, 5555 and 3333, followed by birthdate and ZIP code related numbers. It was claimed that if a thief has your wallet or access to your personal data he needs on average 6 trials to get to 50% of the PINs.

Banks should use random or cryptographically generated PINs.

A Finextra member | 13 August, 2013, 08:40

FYI for both my Swiss debit card and Swiss Visa card, my PIN is 6 digits as opposed to the 4 I was used to in France/UK. Not much more to remember, but more secure?

Jonathan Rosenne - QSM Programming Ltd. - Tel Aviv | 13 August, 2013, 09:46

6 digit cardholder selected PINs would only be marginally more secure. One would, I guess, still get a preponderance of 123456, 555555, 333333, birthdays and zip codes related PINs.

Brett King - Moven - New York | 13 August, 2013, 15:40

Jonathan,

The problem with cryptographically generated PINs is memory load. We've got test after test of users who, if they can't easily remember their PIN, will write it down or store it in their phone.

With the memory load factor being a central hurdle to this problem the only solution is a simpler secure form, not more complex ones. Hence why biometrics are so core to a permanent solution to the Username/PWD/PIN conundrum.

Brett King
BANK 3.0 

A Finextra member | 04 September, 2013, 10:19

Thanks for the comments. From my perspective, technological advancements mean biometrics are well on the way as a viable way for banks to enhance security and improve the customer experience. This must be the right thing to do from both an industry and consumer perspective. But we need to tread carefully; biometrics may provide a route to a more secure service, especially for remote channels, but the industry must ensure that there are common user interfaces based on standards if we are to retain customer confidence. In a world where consumers maintain multiple financial services relationships, it is up to the industry to ensure that the added security enhances the customer interaction rather than detracts from it.
