Brits urged to choose more secure PIN numbers

September 25, 2012

A new report from analytics firm Data Genetics suggests that criminals can guess PIN numbers 10 per cent of the time purely because people are choosing PIN numbers that are easy to remember.

Data Genetics found that one in nine people use “1234” as their PIN number when withdrawing cash at ATMs or making payments at retail outlets.

1234 is also the most common online PIN number.

This gives criminals a one in ten chance of accessing bank accounts or cash from ATMs with a simple guess.

The study, which analysed a database containing 3.4 million four-digit passwords, found that most people chose a PIN that has some relevance to them.

Birth dates are a common choice, with every year from 1900 to 1999 featuring in the top 20 per cent of the most popular PINs.

Other popular choices include “1111” and “0000”, while “8068” was used least often, with just 0.000744 per cent of people using it as their PIN.

The four-digit passwords analysed by Data Genetics were compiled from lists of PINs which have been leaked to hackers in recent years.

Although the codes are computer passwords, not ATM PINs, Data Genetics suggests that it is reasonable to assume that many users would use the same password for both.

Meanwhile, Professor Ross Anderson of Cambridge University has uncovered a vulnerability in the Europay, MasterCard and Visa (EMV) authentication process.

This could explain cases when a PIN number has been used to withdraw money from a customer’s bank account without the customer’s knowledge.

Currently, banks claim that EMV is secure and assume that, if a PIN is used, a customer is mistaken if they claim they did not make the withdrawal.

This has led to customers not receiving any compensation for their loss.

Researchers have now uncovered a possible problem with the ‘unpredictable numbers’ used as a key part of EMV authentication.

Rather than being unpredictable, each number was found to share 17 bits in common, and the remaining 15 looked at first glance like a counter.

This could allow EMV cards to be cloned by criminals in a so-called ‘pre-play attack’.

Banks claim that this type of fraud would be complicated and there is no evidence of it happening in the real world.
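A terminal or ATM operator can check for the weakness described above by auditing a run of ‘unpredictable numbers’ from a device under test. The Python sketch below is an added example, not code from the researchers or from Data Genetics; the function names, the 1/16 step threshold and both sample sets are constructed for illustration, and the weak set places the 17 fixed bits at the top of the 32-bit field as an assumption.

```python
import hashlib

WIDTH = 32  # the EMV unpredictable number is a 32-bit field

def constant_bits(samples):
    """Mask of bit positions that never change across the samples."""
    full = (1 << WIDTH) - 1
    ones, zeros = full, full
    for s in samples:
        ones &= s            # still 1 in every sample so far
        zeros &= ~s & full   # still 0 in every sample so far
    return ones | zeros

def extract(value, mask):
    """Pack the bits of value selected by mask into a small integer."""
    out, pos = 0, 0
    for bit in range(WIDTH):
        if mask >> bit & 1:
            out |= (value >> bit & 1) << pos
            pos += 1
    return out

def audit(samples):
    """Return (fixed bits, varying bits, counter_like) for UNs in capture order."""
    full = (1 << WIDTH) - 1
    varying = full & ~constant_bits(samples)
    nvar = bin(varying).count("1")
    if nvar == 0:
        return WIDTH, 0, False
    modulus = 1 << nvar
    fields = [extract(s, varying) for s in samples]
    steps = [(b - a) % modulus for a, b in zip(fields, fields[1:])]
    # A counter only moves forward in small steps; random values jump anywhere.
    # The 1/16-of-range threshold is an assumption chosen for this example.
    counter_like = bool(steps) and all(0 < st <= modulus // 16 for st in steps)
    return WIDTH - nvar, nvar, counter_like

# Constructed sample data, not captured from any real terminal.
# WEAK: 17 fixed high bits plus a 15-bit counter advancing by 997 per transaction.
WEAK = [(0x1ABCD << 15) | ((0x7F00 + 997 * i) % (1 << 15)) for i in range(64)]
# STRONG: 32 bits taken from a hash, standing in for a sound generator.
STRONG = [int.from_bytes(hashlib.sha256(bytes([i])).digest()[:4], "big")
          for i in range(64)]

if __name__ == "__main__":
    for name, data in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(data))
```

A result with many fixed bits, or with `counter_like` true, means the field carries far less than 32 bits of uncertainty and the generator should be replaced or reseeded from a proper random source.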
