Talk:Personal identification number

PIN Hack

In 2002 two PhD students at Cambridge University, Piotr Zielinski and Mike Bond, discovered a security flaw in the PIN generation system of the IBM 3624, which was duplicated in most later hardware. This has meant most ATM's are vulnerable to an attack known as the decimalization table attack which means that someone who can access ATM hardware can guess a PIN in an average of 15 guesses.

I've removed the above from the article, because it is somewhat misleading. For one thing, the proportion of the article taken up with it lends it undue weight, when it is actually of very little interest to anyone other than a bank manager. The exploit described is not in fact in ATM hardware, but in internal bank computing systems - a bank employee would probably have to have passed security screenings before they could access the systems on which the attack is possible. Nonetheless, it may bear insertion somewhere, and for reference, here's the research paper as a PDF [1] - IMSoP 05:27, 9 Mar 2004 (UTC)

Rereading it, I agree that the location of the explot should be more clearly stated, but I think you're underestimating how important it is. See http://www.cl.cam.ac.uk/~mkb23/media-coverage.html also Ross Anderson believes some of Bond's attacks have been used in practice.--Imran 14:03, 9 Mar 2004 (UTC)

Pricks?2.97.117.189 (talk) 15:31, 20 December 2015 (UTC)

Request: Pronunciation of PIN

It would be nice to add whether PIN should be pronounced P-I-N or PIN as in sPINning for foreign readers such as me :) Thanks, Swalot 11:19, 2 November 2006 (UTC)

Criticism

How are PIN's better than passwords? they are only 4 numbers and have fewer combinations than alphanumeric passwords. This has been removed from the article. 165.230.46.153 20:05, 16 November 2006 (UTC)

hoax tag?

Is the hoax tag because the page mentions the PIN security hoax (the belief that if you enter your PIN wrongly you can send a request for help if you're mugged in the ATM cubicle)? The article does label that section 'hoax'. Perhaps a little explanation of why such a system would be impossible and a stronger denial of its existence would clarify the section? Rimi talk 06:01, 8 February 2007 (UTC)

There's no reason for the hox tag that I can see. Talking about a hoax doesn't make the article a hoax. The existence of the software isn't a hoax - I've added an additional link to the article about it, just to clarify, although there were two already. CiaranG 08:27, 8 February 2007 (UTC)

PIN CODE

2019 —Preceding unsigned comment added by 12.207.88.169 (talk) 10:37, 25 September 2008 (UTC)

Probability question

How do we get 0.06% chance of guessing a 4-digit random PIN after three attempts? I calculate the probabilty as 1 - ((9,999 / 10 000) * (9,998 / 9,999) * (9,997 / 9,998)) = 0.0003. —Preceding unsigned comment added by 76.21.155.25 (talk) 18:05, 8 June 2009 (UTC)

The preceding sentence ("some banks do not give out numbers where all digits are identical ... or consecutive ... or numbers that start with one or more zeroes") implies that the calculations are based on less than 10⁴ possible PINs. (Note: I haven't actually done the calculations.) However the next sentence says "if all PINs are equally likely", implying (to me at least) "all PINs including all digits identical etc". I suggest that the paragraph (especially "all PINs are equally likely") needs rewording to clarify. Mitch Ames (talk) 13:56, 9 June 2009 (UTC)

The mathmatic formula is sound on the first comment, not to mention if you drop the possibility of all repeating digit PINs (i.e. 8888) there are 10 less numbers to choose from AND if you continue on to eliminate the possibility of PINs that start with 0 then you have reduced the TOTAL number of possible PINs by 1009, if you take away PINs that are consecutive in addition to the previous math it takes away another 6 potential PINs thus vastly increasing your chances of guessing correctly in 3 tries. I calculate the probabilty as 1 - ((8,984 / 8,985) * (8,983 / 8,984) * (8,982 / 8,983)) which, though I don't have a calculator in front of me, I can tell you is a heck of a lot different than the odds presented in the article. WesUGAdawg (talk) 03:44, 16 December 2009 (UTC)

I have put Citation needed tag on the 0.06% claim. This page http://financial-dictionary.thefreedictionary.com/Personal+Identification+Number quotes the same number but I suspect they got it from this article. FrankSier (talk) 15:33, 25 February 2013 (UTC)

1512034

hi —Preceding unsigned comment added by 124.253.122.115 (talk) 04:42, 20 April 2011 (UTC)

PIN's are not necessarily numeric anymore

Many services and websites started off using PIN as "Personal Identification Number". However, over time they have evolved the usage to extend to non-numberic values as well. So PIN is not necessarily and anachronism anymore. One example that comes to mind that I use every day is my RSA token. I have a "PIN" assigned to that, but the "PIN" is not numeric. — Preceding unsigned comment added by Docbillnet (talk • contribs) 14:58, 7 October 2011 (UTC)

Can you provide some references for this use of "PIN" for non-numeric password? If so, we can update the article to mention the semantic change of the "word". Mitch Ames (talk) 15:11, 7 October 2011 (UTC)

outdates info?

the article says the following: "Throughout Europe and Canada the traditional in-store credit card signing process is increasingly being replaced with a system in which the customer is asked to enter their PIN instead of signing" I've had a debet card since 1998 and have never not used my PIN. I do remember(as a child) my mother signing something in the 80's but here (Denmark) the replacement is long over, and i'm wondering if it's the same case anywhere else.94.145.236.194 (talk) 14:47, 8 December 2011 (UTC)

card-not-present

We now have several US suppliers demanding the "ATM PIN", ie the card PIN, for internet transactions. Presumably, this enables them to avoid the Card-Not-Present transaction fees. I haven't seen any documentation about this.

The Web is full of old documention saying that the PIN will not be required for Card-Not-Present transactions, and our (AUS) banks don't know anything about it either.

Any further information would be welcome. — Preceding unsigned comment added by 203.206.162.148 (talk) 03:22, 3 May 2012 (UTC)

"PIN number" erroneous?

At present the lead states that the usage "PIN number" is erroneous. The link given for 'erroneously' goes to the article RAS syndrome, and that article itself gives reasons, I think, for not considering the usage to be erroneous.

The usage is very common (examples: The most common pin numbers: is your bank account vulnerable?,Have only one PIN number? It's YOUR fault if your cash is stolen, ATM PIN Number Reversal hoax email) and could probably be counted as the standard usage, or at least a standard uasge. FrankSier (talk) 14:54, 25 February 2013 (UTC)

Yeah. Unlike others like "ATM machine" which are clearly redundant, "PIN number" is not completely redundant. There are other types of pins. 4.238.1.82 (talk) 22:47, 27 March 2013 (UTC)

There are many other types of ATM as well - not all of them machines. Mitch Ames (talk) 09:29, 29 March 2013 (UTC)

Update to Intro

I just changed a sentence in the introduction because I thought it was possibly to misinterpret as suggesting that PINs have not been used in the UK or Ireland at all prior to the Chip and PIN campaign.

The previous text was "In the UK and Ireland this goes under the term 'Chip and PIN', since PINs were introduced at the same time as EMV chips on the cards."

I also added a reference. Stardarks (talk) 16:03, 3 December 2013 (UTC)

PINs that are not PINs

I've simplified the 3rd paragraph of the lead, which describes PINs in non-ATM/EFTPOS environments. If it's not described as a PIN, not subject to the formatting requirements of a PIN (4-12 numeric characters), is it really a PIN?

Note that this previous edit:

may are not be subject to the formatting limitation ...

is not valid. A web site may limit PINs to those that meet ISO 9564. Eg, Qantas frequent flyer PINs are limited to four digits. Mitch Ames (talk) 03:51, 27 April 2014 (UTC)

Support for and truncation of PINs longer than 4 digits

Personal identification number#PIN length says that:

Not all networks support entry of PINs longer than six digits, and many networks truncate the PIN to four digits.

I suspect that the use of the word "network" is misleading or incorrect. Typically if the PIN is being transmitted over a network (ie not verified locally by the ATM or EFTPOS terminal) the PIN entry device will encrypt the PIN then send the encrypted PIN block to the card issuer and/or bank, which will decrypt and verify it. It is not possible to truncate the PIN while it is encrypted, so it must either be truncated by the PIN entry device (before encryption) or by the bank verifying it (after encryption). I suspect that truncation would happen at the entry device, but don't have a reference to support that. (A few years ago an Australian bank, which supported PINs longer than 4 digits, advised me to change my 6-digit PIN to 4 digits before going overseas, because some overseas ATMs would not accept more than 4 digits.) If someone could dig up a reference for the truncation, we could fix that sentence in the article to be more accurate. Mitch Ames (talk) 12:05, 13 June 2014 (UTC)

I have had a similar experience, but I also do not have a reference (it was a verbal advice), and I'm also not sure what the network mechanism is. Enthusiast (talk) 03:49, 14 June 2014 (UTC)

This updated version of the article said:

Not all networks support entry of PINs longer than six digits, and many networks can only accept four digit PINs.

This wording has the same problem - the network typically transmits an encrypted PIN block, containing a PIN whose length is unknown to the network. The PIN entry device is what limits the "entry of PINs longer than six digits".

So I've updated the article accordingly - but we still need a reference. Mitch Ames (talk) 08:57, 14 June 2014 (UTC)

I think this edit is too much irrelevant detail. While it is probably true that the limit is imposed by software rather than hardware, that distinction is not relevant in this context; most readers of the article and/or users of an ATM are not going to care about the difference. (The distinction might be relevant in the automated teller machine or PIN pad articles, but not here.) Also "most" (vs "not all") and "software" are more specific statements that we have no references for. (The earlier version is also unreferenced, but - being more general - ought to be easier to find a reference for.)

I propose reverting to the earlier, simpler description. If you really think it matters we could use the more verbose "Not all ATM and EFTPOS terminals support entry of PINs longer than six digits ...", but I really don't think we should make the distinction between hardware and software. Mitch Ames (talk) 03:45, 15 June 2014 (UTC)

Card not present, 2014-06

This edit says that PINs are used in card not present transactions, but that is definitely not the case in Australia, where there are as many as four independent authentication codes:

• the ATM/EFTPOS PIN
• the card security code, visibly printed on the card, used for telephone or internet credit card transactions
• the telephone banking code, numeric-only for entry on a touch tone phone, typically quite short (eg 3 digits with Westpac)
• the online banking password

The last two typically allow account enquiries and transfers between customer's own bank accounts and BPAY bill payment, possibly payments to other peoples' bank accounts, but not general purchases. The Australian banks make a point of using different terms for each, and not using "PIN" to refer to anything other than the ATM/EFTPOS PIN.

Perhaps is other countries, the ATM/EFTPOS PIN is used for internet/phone transactions/banking, but if that is the case:

• The article needs to explicitly mention that different countries have different rules
• References should be provided.

(This matter was raised a couple of years ago in #card-not-present, but there was no follow-up.) Mitch Ames (talk) 02:53, 15 June 2014 (UTC)

Key-balls mapped St. Lucía?

1. Peggy (1904-06-08) 8 June 1904 (age 119) 8 June 2002(2002-06-08) (aged 98)
2. Elspeth (1925-06-08) 8 June 1925 (age 98) 8 June 1990(1990-06-08) (aged 65)
3. Arma (1937-06-08) 8 June 1937 (age 86) 8 June 1997(1997-06-08) (aged 60)
4. Margaret (1932-06-08) 8 June 1932 (age 91) 8 June 1997(1997-06-08) (aged 65)
5. Joyce (1935-06-08) 8 June 1935 (age 88) 8 June 1990(1990-06-08) (aged 55)
6. June (1940-06-08) 8 June 1940 (age 83) 8 June 2000(2000-06-08) (aged 60)
7. Shirley (1941-06-08) 8 June 1941 (age 82) 8 June 2002(2002-06-08) (aged 61)
8. Isabelle (1942-06-08) 8 June 1942 (age 81) 8 June 1997(1997-06-08) (aged 55)
9. Yvonne (1947-06-08) 8 June 1947 (age 76) 8 June 2018(2018-06-08) (aged 71)
10. Phyllis (1945-06-08) 8 June 1945 (age 78) 8 June 2007(2007-06-08) (aged 62)
11. Cathy (1948-06-08) 8 June 1948 (age 75) 8 June 1990(1990-06-08) (aged 42)
12. Marion (1948-06-08) 8 June 1948 (age 75) 8 June 2006(2006-06-08) (aged 58)
13. Lynnette (1951-06-08) 8 June 1951 (age 72) 8 June 2012(2012-06-08) (aged 61)
14. Carol M D (1953-06-08) 8 June 1953 (age 70) 8 June 2002(2002-06-08) (aged 49)
15. Angie B H F (1954-06-08) 8 June 1954 (age 69) 8 June 2016(2016-06-08) (aged 62)
16. Carol M S (1955-06-08) 8 June 1955 (age 68) 8 June 2007(2007-06-08) (aged 52)
17. Angie W G (1957-06-08) 8 June 1957 (age 66) 8 June 2018(2018-06-08) (aged 61)
18. Fee (1959-06-08) 8 June 1959 (age 64) 8 June 2007(2007-06-08) (aged 48)
19. Susann (1960-06-08) 8 June 1960 (age 63) 8 June 2021(2021-06-08) (aged 61)
20. Nikki B H F (1964-06-08) 8 June 1964 (age 59) 8 June 2016(2016-06-08) (aged 52)
21. Veronica (1964-06-08) 8 June 1964 (age 59) 8 June 2018(2018-06-08) (aged 54)
22. Allison (1966-06-08) 8 June 1966 (age 57) 8 June 2018(2018-06-08) (aged 52)
23. Laura W G (1967-06-08) 8 June 1967 (age 56) 8 June 2019(2019-06-08) (aged 52)
24. Lynn (1967-06-08) 8 June 1967 (age 56) 8 June 2019(2019-06-08) (aged 52)
25. Liz B H F (1971-06-08) 8 June 1971 (age 52) 8 June 2016(2016-06-08) (aged 45)
26. Brenda (1971-06-08) 8 June 1971 (age 52) 8 June 2002(2002-06-08) (aged 31)
27. Dawn (1971-06-08) 8 June 1971 (age 52) 8 June 2019(2019-06-08) (aged 48)
28. Wanda (1977-06-08) 8 June 1977 (age 46) 8 June 2002(2002-06-08) (aged 25)
29. Julie W F (1977-06-08) 8 June 1977 (age 46) 8 June 2001(2001-06-08) (aged 24)
30. Laura B (1978-06-08) 8 June 1978 (age 45) 8 June 1992(1992-06-08) (aged 14)
31. Louise B H F (1979-06-08) 8 June 1979 (age 44) 8 June 2014(2014-06-08) (aged 35)
32. Kerrier (1979-06-08) 8 June 1979 (age 44) 8 June 1997(1997-06-08) (aged 18)
33. Marcia (1980-06-08) 8 June 1980 (age 43) 8 June 1992(1992-06-08) (aged 12)
34. Donna (1981-06-08) 8 June 1981 (age 42) 8 June 2006(2006-06-08) (aged 25)
35. Claire (1982-06-08) 8 June 1982 (age 41) 8 June 2006(2006-06-08) (aged 24)
36. Jo M S (1985-06-08) 8 June 1985 (age 38) 8 June 2010(2010-06-08) (aged 25)
37. Jo M D (1984-06-08) 8 June 1984 (age 39) 8 June 2002(2002-06-08) (aged 18)
38. Ruth B H F (1989-06-08) 8 June 1989 (age 34) 8 June 2014(2014-06-08) (aged 25)
39. Laura B H F (1991-06-08) 8 June 1991 (age 32) 8 June 2016(2016-06-08) (aged 25)
40. Paige B H F (1991-06-08) 8 June 1991 (age 32) 8 June 2015(2015-06-08) (aged 24)
41. Kirsty (1992-06-08) 8 June 1992 (age 31) 8 June 2012(2012-06-08) (aged 20)
42. Amey (1992-06-08) 8 June 1992 (age 31) 8 June 2016(2016-06-08) (aged 24)
43. Ella (1993-06-08) 8 June 1993 (age 30) 8 June 2018(2018-06-08) (aged 25)
44. Lois (1993-06-08) 8 June 1993 (age 30) 8 June 2015(2015-06-08) (aged 22)
45. Harriet (1997-06-08) 8 June 1997 (age 26) 8 June 2016(2016-06-08) (aged 19)
46. Ashleigh H F (1998-06-08) 8 June 1998 (age 25) 8 June 2016(2016-06-08) (aged 18)
47. Leighann (1999-06-08) 8 June 1999 (age 24) 8 June 2016(2016-06-08) (aged 17)79.77.211.67 (talk)

My phone broke I don't have it anymore I don't have access to my Gmail phone number or my cash app I have locked my card cause I didn't want anything taking off it with out it being me that was doing it how do I get in to my card I. Have a new account card same name just new account and gmail

Plz help me revondaprice22@gmail.com 165.166.100.78 (talk) 19:00, 23 June 2022 (UTC)

Facebook

Olvide mi contraseña 64.127.156.125 (talk) 11:14, 9 August 2023 (UTC)

Daniel zapata

Olvide mi contraseña 64.127.156.125 (talk) 11:15, 9 August 2023 (UTC)

Olvide mi contraseña 64.127.156.125 (talk) 11:16, 9 August 2023 (UTC)