Personal identification number (PIN)
In the era of rapid development of digital technologies, the volume of financial transactions carried out in non-cash form using an electronic device, such as an ATM, has significantly increased. Credit card users pay with them in stores, pharmacies, gas stations, cafes, hotels, and terminals and use them to withdraw cash.
A PIN (Personal Identification Number) was developed to protect payment details from unauthorised access and attacks by scammers and fraudsters. It is a secret combination used to verify the cardholder's identity when making payments.
What is a Personal Identification Number (PIN)?
A Personal Identification Number (PIN) is a secret security password that allows access to important user information.
A personal identification number, also known as a PIN code, has a numerical format. The PIN is required to verify the identity of the bank credit card holder to maximise the security of financial information and information about electronic transactions.
What should a PIN code look like?
According to ISO 9564, an international standard for PIN management and security in financial institutions and services, the PIN must contain numbers from zero to nine and be no less than 4 and up to 12 characters long. The general requirement for PIN is the impossibility of randomly guessing it.
Other principles and requirements for credit card PINs that banks and other financial institutions must follow to ensure security:
- The PIN must always be stored encrypted or physically secured;
- PIN encryption for two users cannot give the same result;
- PIN codes must be protected from physical substitution and reconfiguration;
- A bank must revoke a PIN that has been or is suspected to be compromised.
How are PIN codes generated?
There are three scenarios of PIN selection. The credit card issuer (issuing bank) can generate it using a random number generator, or they can generate it using some cryptographic function. Alternatively, the cardholder can select the PIN value.
When the bank generates a PIN, they may use IBM 3624 offset, VISA PVV Algorithms, or just a randomiser. They share it with the cardholder when opening a bank account in person or send it separately from the linked card by mail.
Encryption programs keep your code safe and secure. According to the requirements of payment systems, the PIN should not be stored in service terminals and on the issuer's hosting.
Another option is that the cardholder themselves comes up with a unique security code that must be entered with each transaction exceeding a certain amount.
A cardholder can also change the PIN assigned by the issuing bank to the one they choose.
When do I need a PIN code?
The PIN code is known only to the holder of the bank card. The cardholder must enter the PIN for two main transaction types — paying for purchases using POS terminals and withdrawing cash from ATMs.
Here's why you need a PIN code for transaction processing:
- identification of the cardholder;
- protection from threats and fraud;
- quick code change in case of scams.
The cardholder has three attempts to correctly enter the PIN code at the terminal or ATM. If the combination is incorrect, the bank card will be automatically blocked. In such a case, the cardholder should contact the issuing bank and apply for the card reissuance.
In online e-commerce, financial information is protected by PCI DSS, card tokenisation and other security technologies. That's why a PIN is not needed for online transactions.
Security rules to protect your personal identification number
Unfortunately, theft of individuals' personal data is not uncommon these days. In most cases, this happens because cardholders ignore simple rules that payment systems and card networks are always stating:
- Don't write the PIN code down (especially on the card). Memorise it;
- Don't disclose the secret password to third parties;
- Bank representatives don't need to know your PIN for banking operations and transactions;
- When making transactions on the internet, a PIN is not required.
Ready to boost your business to the next level?
Get in touch with us and we will try to provide you with the most relevant offer.