The security of customer-chosen banking PINs

Authors

  • Joseph Bonneau
  • Sören Preibusch
  • Ross Anderson
Abstract

We provide the first published estimates of the difficulty of guessing a human-chosen 4-digit PIN. We begin with two large sets of 4-digit sequences chosen outside banking for online passwords and smartphone unlock-codes. We use a regression model to identify a small number of dominant factors influencing user choice. Using this model and a survey of over 1,100 banking customers, we estimate the distribution of banking PINs as well as the frequency of security-relevant behaviour such as sharing and reusing PINs. We find that guessing PINs based on the victims’ birthday, which nearly all users carry documentation of, will enable a competent thief to gain use of an ATM card once for every 11–18 stolen wallets, depending on whether banks prohibit weak PINs such as 1234. The lesson for cardholders is to never use one’s date of birth as a PIN. The lesson for card-issuing banks is to implement a denied PIN list, which several large banks still fail to do. However, blacklists cannot effectively mitigate guessing given a known birth date, suggesting banks should move away from customer-chosen banking PINs in the long term.

Similar resources

Identifying customer preferences in using e-banking services

Clients are the vital artery of every industry and business. Maintaining these customers is one of the most important tasks of any business, especially banks. The specific needs of customers and the increasing competition in the banking services market have led banks to create structures that can respond flexibly to these needs. Obviously, one of the important points is that moving to th...

A Framework for the Integration of Biometric Into Nigerian Banking ATM System

The use of ATMs is a good innovation but the current use of Personal Identification Numbers (PINs) for verifying the customer is plagued with several limiting factors and security flaws. There is therefore the need to employ more secured verification/authentication technique which is uniquely different for every customer. In this paper, we propose the use of biometrics; a...

Introduction of a Framework for Customer Orientation Using Ambulant E-Banking Services Marketing (Case Study: Mellat Bank in Isfahan)

E-banking (electronic banking) is the modified business banking toward E-business (electronic business) banking that actually uses the electronic communication channels such as internet, phones, cell phones and the like. By using this method, the demands of customers such as time independent and high flexible actions are satisfied. In this process, marketing is so important because guiding cust...

Publication date: 2012