Oyster Renewal
In message
, Andy
writes
I know that the PIN is held by the bank, otherwise it would be
very hard for a reminder to be sent.
I don't think that even the PIN is held directly by the bank. They will
have a record of the underlying security number of the card, which is
not revealed to the customer and can never be changed.
When a new PIN is selected, an offset generated by a complex hash is
recorded, and the bank will have a record of this offset. This allows
them to issue a PIN reminder without the necessity of storing a
vulnerable list of PIN numbers.
--
Paul Terry
|