In the era of rapid development of digital technologies, the volume of non-cash financial transactions carried out through electronic devices, such as ATMs, has increased significantly. Cardholders use credit cards to pay in stores, pharmacies, gas stations, cafes and hotels, at payment terminals, and to withdraw cash.
A PIN (Personal Identification Number) was developed to protect payment details from unauthorised access and attacks by scammers and fraudsters. It is a secret combination used to verify the cardholder's identity when making payments.
A Personal Identification Number (PIN) is a secret security password that allows access to important user information.
A personal identification number, also known as a PIN code, has a numerical format. The PIN is required to verify the identity of the bank credit card holder to maximise the security of financial information and information about electronic transactions.
According to ISO 9564, an international standard for PIN management and security in financial institutions and services, the PIN must consist of the digits zero to nine and be no fewer than 4 and no more than 12 characters long. The general requirement for a PIN is that it must be impossible to guess at random.
Other principles and requirements for credit card PINs that banks and other financial institutions must follow to ensure security:
There are three scenarios of PIN selection. The credit card issuer (issuing bank) can generate the PIN with a random number generator, or it can derive the PIN with a cryptographic function. Alternatively, the cardholder can select the PIN value.
When the bank generates a PIN, it may use the IBM 3624 offset method, the VISA PVV algorithm, or just a randomiser. The bank gives the PIN to the cardholder in person when the bank account is opened, or sends it by mail separately from the linked card.
Encryption keeps the PIN safe and secure. According to the requirements of payment systems, the PIN should not be stored in service terminals or on the issuer's host systems.
Another option is that the cardholder themselves comes up with a unique security code that must be entered with each transaction exceeding a certain amount.
A cardholder can also change the PIN assigned by the issuing bank to the one they choose.
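How an offset-based scheme in the style of the IBM 3624 offset method lets an issuer check a PIN, and lets the cardholder change it, without the PIN itself being stored. This is an added example, not code from this article or from any issuer. It keeps the natural-PIN-plus-offset structure but uses HMAC-SHA-256 as a stand-in for the DES-based encryption of the real method, so its values will not match real IBM 3624 output. The key, card number and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key; a real issuer keeps this key inside an HSM.
PIN_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
# Decimalisation table: maps each hex digit 0-F to a decimal digit.
DECIMALISATION_TABLE = "0123456789012345"


def valid_pin_format(pin: str) -> bool:
    """ISO 9564 rule quoted above: digits 0-9 only, 4 to 12 characters."""
    return pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 12


def natural_pin(pan: str, length: int) -> str:
    """Derive the issuer's 'natural' PIN from the card number and the key."""
    # Assumption: HMAC-SHA-256 replaces the DES encryption of the real scheme.
    digest = hmac.new(PIN_KEY, pan.encode(), hashlib.sha256).hexdigest()
    return "".join(DECIMALISATION_TABLE[int(h, 16)] for h in digest[:length])


def make_offset(pan: str, chosen_pin: str) -> str:
    """Offset = chosen PIN minus natural PIN, digit by digit, modulo 10."""
    if not valid_pin_format(chosen_pin):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    nat = natural_pin(pan, len(chosen_pin))
    return "".join(str((int(c) - int(n)) % 10) for c, n in zip(chosen_pin, nat))


def verify_pin(pan: str, offset: str, entered_pin: str) -> bool:
    """Recompute natural PIN + offset and compare it with the entered PIN."""
    if not valid_pin_format(entered_pin) or len(entered_pin) != len(offset):
        return False
    nat = natural_pin(pan, len(offset))
    expected = "".join(str((int(n) + int(o)) % 10) for n, o in zip(nat, offset))
    return hmac.compare_digest(expected, entered_pin)


if __name__ == "__main__":
    pan = "4000000000000002"             # constructed card number
    offset = make_offset(pan, "4821")    # only the offset is kept on record
    print(verify_pin(pan, offset, "4821"), verify_pin(pan, offset, "4822"))
    offset = make_offset(pan, "907154")  # PIN change: only the offset changes
    print(verify_pin(pan, offset, "907154"), verify_pin(pan, offset, "4821"))
```

The offset on its own does not reveal the PIN without the key, which is why the key, not the offset, is the value that has to stay protected.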
The PIN code is known only to the holder of the bank card. The cardholder must enter the PIN for two main transaction types — paying for purchases using POS terminals and withdrawing cash from ATMs.
Here's why you need a PIN code for transaction processing:
The cardholder has three attempts to enter the PIN correctly at the terminal or ATM. If the combination is still incorrect after the third attempt, the bank card is automatically blocked. In that case, the cardholder should contact the issuing bank and apply for the card to be reissued.
In online e-commerce, financial information is protected by PCI DSS, card tokenisation and other security technologies. That's why a PIN is not needed for online transactions.
Unfortunately, theft of individuals' personal data is not uncommon these days. In most cases, this happens because cardholders ignore simple rules that payment systems and card networks constantly repeat: