In message
, Andy
writes

I know that the PIN is held by the bank, otherwise it would be
very hard for a reminder to be sent.

I don't think that even the PIN is held directly by the bank. They will
have a record of the underlying security number of the card, which is
not revealed to the customer and can never be changed.

When a new PIN is selected, an offset generated by a complex hash is
recorded, and the bank will have a record of this offset. This allows
them to issue a PIN reminder without the necessity of storing a
vulnerable list of PIN numbers.
--
Paul Terry

On Sep 2, 6:46*pm, Paul Terry wrote:
In message
, Andy
writes

I know that the PIN is held by the bank, otherwise it would be
very hard for a reminder to be sent.

I don't think that even the PIN is held directly by the bank. They will
have a record of the underlying security number of the card, which is
not revealed to the customer and can never be changed.

When a new PIN is selected, an offset generated by a complex hash is
recorded, and the bank will have a record of this offset. This allows
them to issue a PIN reminder without the necessity of storing a
vulnerable list of PIN numbers.

Might be true, but the bank can still access the PINs, otherwise the
reminder that you sometimes get with a replacement card, or upon
request, would have to be a new number rather than the advice of the
existing one. So someone with the correct access can still get hold of
your PIN. Some banks (MBNA for the Virgin Credit card is one) even
allow you to get your PIN displayed online, which seems to me to be a
very bad idea.

On Sep 2, 9:19*pm, Andy wrote:

On Sep 2, 6:46*pm, Paul Terry wrote:

In message
, Andy
writes

I know that the PIN is held by the bank, otherwise it would be
very hard for a reminder to be sent.

I don't think that even the PIN is held directly by the bank. They will
have a record of the underlying security number of the card, which is
not revealed to the customer and can never be changed.

When a new PIN is selected, an offset generated by a complex hash is
recorded, and the bank will have a record of this offset. This allows
them to issue a PIN reminder without the necessity of storing a
vulnerable list of PIN numbers.

Might be true, but the bank can still access the PINs, otherwise the
reminder that you sometimes get with a replacement card, or upon
request, would have to be a new number rather than the advice of the
existing one. So someone with the correct access can still get hold of
your PIN. Some banks (MBNA for the Virgin Credit card is one) even
allow you to get your PIN displayed online, which seems to me to be a
very bad idea.

Indeed, that sounds like a spectacularly bad idea!

I don't recall ever getting a reminder of my PIN when a replacement
card came through - the PIN simply remained the same. I think I
remember requesting a reminder from what credit card company or
another in years gone by, and them sending me a brand new PIN.

On 2 Sep, 21:59, Mizter T wrote:
On Sep 2, 9:19*pm, Andy wrote:





On Sep 2, 6:46*pm, Paul Terry wrote:

In message
, Andy
writes

I know that the PIN is held by the bank, otherwise it would be
very hard for a reminder to be sent.

I don't think that even the PIN is held directly by the bank. They will
have a record of the underlying security number of the card, which is
not revealed to the customer and can never be changed.

When a new PIN is selected, an offset generated by a complex hash is
recorded, and the bank will have a record of this offset. This allows
them to issue a PIN reminder without the necessity of storing a
vulnerable list of PIN numbers.

Might be true, but the bank can still access the PINs, otherwise the
reminder that you sometimes get with a replacement card, or upon
request, would have to be a new number rather than the advice of the
existing one. So someone with the correct access can still get hold of
your PIN. Some banks (MBNA for the Virgin Credit card is one) even
allow you to get your PIN displayed online, which seems to me to be a
very bad idea.

Indeed, that sounds like a spectacularly bad idea!

I don't recall ever getting a reminder of my PIN when a replacement
card came through - the PIN simply remained the same. I think I
remember requesting a reminder from what credit card company or
another in years gone by, and them sending me a brand new PIN.- Hide quoted text -

- Show quoted text -

My bank uses a PIN-like four-digit code* plus some security questions,
and I bet that a lot of people will set it to be the same as their PIN
so it's easier to remember. So anyone intercepting the communications
would effectively get a lot of PINs.


*and annoyingly forces you to select them from drop-downs, so that
anyone looking at the screen can see what number you are scrolling to,
although it becomes a * once selected.

On Wed, 2 Sep 2009 18:46:39 +0100
Paul Terry wrote:
When a new PIN is selected, an offset generated by a complex hash is
recorded, and the bank will have a record of this offset. This allows
them to issue a PIN reminder without the necessity of storing a
vulnerable list of PIN numbers.

If the PIN can easily be recreated just using a formula then its just as
vulnerable as if they stored it directly.

B2003

In message , writes

If the PIN can easily be recreated just using a formula then its just as
vulnerable as if they stored it directly.

No, there is no simple formula involved. The data is strongly encrypted
using three independent keys and the PIN can only be regenerated by a
specialist machine that decrypts both the original security number and
the offset used by the customer. It then outputs the PIN to a security
envelope. The only way for a member of the bank staff to see the PIN is
to open the envelope before it is posted, which is why customers are
always warned to check that the envelope has not been tampered with
before using their PIN.

--
Paul Terry

On Thu, 3 Sep 2009 11:32:10 +0100
Paul Terry wrote:
No, there is no simple formula involved. The data is strongly encrypted
using three independent keys and the PIN can only be regenerated by a
specialist machine that decrypts both the original security number and
the offset used by the customer. It then outputs the PIN to a security
envelope. The only way for a member of the bank staff to see the PIN is
to open the envelope before it is posted, which is why customers are
always warned to check that the envelope has not been tampered with
before using their PIN.

I'm sure thats what they put in the sales brochure but reality in these
places its usually a little different. When I worked in the "priviledged"
customer dept in a well known bank a few years ago the supposedly secure
customer details were couriered arround the country on unencrypted floppy
disk and tape. Presumably someone thought that was more secure that
transfering over a dedicated T1 line. Or they were just insane, take your
pick.

B2003

wrote in :

On Thu, 3 Sep 2009 11:32:10 +0100
Paul Terry wrote:
No, there is no simple formula involved. The data is strongly
encrypted using three independent keys and the PIN can only be
regenerated by a specialist machine that decrypts both the original
security number and the offset used by the customer. It then outputs
the PIN to a security envelope. The only way for a member of the bank
staff to see the PIN is to open the envelope before it is posted,
which is why customers are always warned to check that the envelope
has not been tampered with before using their PIN.

I'm sure thats what they put in the sales brochure but reality in
these places its usually a little different. When I worked in the
"priviledged" customer dept in a well known bank a few years ago the
supposedly secure customer details were couriered arround the country
on unencrypted floppy disk and tape. Presumably someone thought that
was more secure that transfering over a dedicated T1 line. Or they
were just insane, take your pick.

B2003




Should be as safe as carting a CD of Social Security data around