On Sep 2, 9:19*pm, Andy wrote:

On Sep 2, 6:46*pm, Paul Terry wrote:

In message
, Andy
writes

I know that the PIN is held by the bank, otherwise it would be
very hard for a reminder to be sent.

I don't think that even the PIN is held directly by the bank. They will
have a record of the underlying security number of the card, which is
not revealed to the customer and can never be changed.

When a new PIN is selected, an offset generated by a complex hash is
recorded, and the bank will have a record of this offset. This allows
them to issue a PIN reminder without the necessity of storing a
vulnerable list of PIN numbers.

Might be true, but the bank can still access the PINs, otherwise the
reminder that you sometimes get with a replacement card, or upon
request, would have to be a new number rather than the advice of the
existing one. So someone with the correct access can still get hold of
your PIN. Some banks (MBNA for the Virgin Credit card is one) even
allow you to get your PIN displayed online, which seems to me to be a
very bad idea.

Indeed, that sounds like a spectacularly bad idea!

I don't recall ever getting a reminder of my PIN when a replacement
card came through - the PIN simply remained the same. I think I
remember requesting a reminder from what credit card company or
another in years gone by, and them sending me a brand new PIN.