Are PIN codes really secure enough?
Since the introduction of the PIN number almost 50 years ago, the system has transformed the way we think about financial security .
Two factor authentication could help improve banking and ATM security alongside PIN numbers, and the time’s never been better for it, writes Clayton Locke.
Since the introduction of the PIN number almost 50 years ago, the system has transformed the way we think about financial security. However, after so many years as the dominant banking security measure, advances in banking technology and increasingly sophisticated anti-fraud techniques have brought up the question of whether it’s time to put the familiar old PIN number out to pasture.
Do customers take ATM security seriously?
Our research shows more than 4 in 10 (41%) UK banking customers have never changed their PIN number, while 19% of banking customers last changed their PIN 15 years ago and 21% haven’t changed it in the last decade. Seeing as the average marriage that ends in divorce in the UK lasts just 11 and a half years, many Britons change their spouse more often than their PIN.
Good sense would seem to tell us that PINs should be changed regularly. Most computers will prompt you to change your password every three months, and online passwords now advise on using a complex and unique combination of upper and lower case characters and numbers. The humble four digit PIN is a measure that’s unfortunately losing confidence amongst banking customers. More than 40% of banking customers don’t believe a PIN is a safe way to log into a cash machine (ATM), and six in ten people want their banks to provide more robust alternative security methods.
2FA and biometrics in ATMs
Banks can help reduce the risks for customers by implementing two factor authentication (2FA) measures in their ATMs. Cardless ATMs – which use mobile authentication rather than PIN – were introduced onto the UK’s high streets in 2012 with RBS and Natwest’s GetCash system. Customers request a six-digit pin on their mobile banking app, which they enter into the ATM to withdraw the amount of cash they need.
Japanese bank Ogaki Kyoritsu Bank has taken the system a step further, enabling customers to use a biometric palm scanner at its ATMs. Customers place their hands on the biometric scanner and enter key details including their PIN and date of birth. They are then able to carry out regular banking tasks without a card, such as withdrawing money, checking balances and making deposits.
Here in the UK, banks don’t necessarily need to go quite so far to enhance ATM security. In spite of people’s reluctance to change their numbers, the PIN still plays a vital role in financial services security, and it’s far too early to talk about retiring the system. However, second factor authentication could help improve security alongside PIN numbers, and the time’s never been better for it.
Mobile banking is exploding, with transactions doubling over the course of the last year, and biometric security has never been more popular. There’s a great opportunity for two factor authentication through either of these channels to work with or independently of the customer’s PIN.
Using such measures, financial services providers could help give customers a far more enhanced and secure banking experience, regardless of whether they ever change their PIN again.
When was the last time you changed yours?