Why you will never be asked for your PIN by your card company

Testee

I thought it might be useful to explain why you will never be asked for your PIN number by your credit card company. Basically because only you and the computer knows that number - your PIN number is retained by the card company's computer in an encrypted format. There are a handful of IT security personnel who could perhaps work out the formula for decrypting that number into the one you tap into the machine. It is not held in any format on your account details so you will never be asked for the number simply because it cannot be verified. The PIN number truly is only known to you and if someone asks you for it they are planning to commit a fraud.

I have spent the last ten years working in the IT departments of credit and debit card companies in the UK, I have worked on the PIN systems and decrypting your PIN number is way beyond my capabilities.

corners_2

Hear hear

I work for a High St Bank and am amazed at the number of people who would not think twice about telling their pin number.

You would think that this would be advertised as part of the whole 'Chip & pin' ad campaign.

:T

aris

With chip and pin the PIN is verified by the card itself - no need for online verification.

Poppy9

In work a chap was rung by his bank to confirm his details including pin number. Immediately became suspicious and checked his wallet. Went to his jacket hanging in his office and it was gone.

A cheeky thief, dressed in office attire of shirt and tie was walking around the corridors, opening single office doors. If someone was in there he just said "oh sorry wrong room" , if empty he checked coat pockets - even took a nice leather jacket, and looked for bags.

reddevilled

Same thing happened at our place. Some thief had snook into the first office he came across and nicked a guys wallet.

Phoned work up asking to speak to him claiming to be the bank and that someone was trying to use his card in the bank.

Very scary to think that this sort of thing happens :mad:

Been keeping a closer eye on my wallet since then.

charlie12

Why are people leaving their wallets in coat/jacket pockets?!

Should be kept in trouser pockets, if the wallet is too big (like George's from Seinfeld) then it needs to be cleaned out

James

"Basically because only you and the computer knows that number - your PIN number is retained by the card company's computer in an encrypted format. There are a handful of IT security personnel who could perhaps work out the formula for decrypting that number into the one you tap into the machine."

Egg allows cardholders to view their PIN on-line. Keyloggers, Prints Screen comes to mind for ways of someone getting hold of your Egg card PIN. I wonder how being able to view your PIN on-line complies with the instruction , 'do not write your PIN down.'? IT specialists must be able to access this page too. Good reasons for not having a PIN with your Egg Card methinks!

Stonk

James wrote:

Egg allows cardholders to view their PIN on-line. Keyloggers, Prints Screen comes to mind for ways of someone getting hold of your Egg card PIN.

An interesting point. This means that Egg store their PINs in a decryptable format, as opposed to the one-way encryption that I would have expected.

I wouldn't worry about it being transmitted over the internet - the connection is very secure. If you've managed to contract a screen-shot-logger, well, you're stuffed in so many ways it doesn't bear thinking about!

Matt83UK_2

one-way encryption is pretty much poo anyway when your password is only a combination of 9999, one could easily work out reverse mappings, I doubt you'd find any one-to-many within 0001-9999.

Usually, with one way, the computer hashes your password/PIN and compares with the hashed password/PIN stored, so only at the point of entering is your password in clear text properly known, unless it stored decrypted. As I said before most banks will store the PIN unencryped too (or maintain a set of reverse mappings), for when you request your PIN again (Natwest for example it won't change)