On Wed, 2 Sep 2009 18:46:39 +0100
Paul Terry wrote:
When a new PIN is selected, an offset generated by a complex hash is
recorded, and the bank will have a record of this offset. This allows
them to issue a PIN reminder without the necessity of storing a
vulnerable list of PIN numbers.

If the PIN can easily be recreated just using a formula then its just as
vulnerable as if they stored it directly.

B2003