How can PIN numbers be secure?

My understanding is that for passwords to be safe they need lots of characters, upper and lower case, numbers and some symbols. So, how can a 4-digit number be safe to secure your debit cards?

The physical card is also required.

No password is 100% secure. But without access to your ATM card, your PIN is pretty much useless to a would-be thief. And without your PIN, your ATM card isn’t much use, if the thief just wants quick cash. So you have two pretty strong layers of security right there.

And it’s true, the longer the password, the less vulnerable it is to a “brute force” cracking (where a computer simply makes guesses until it gets the password right), because the longer the password, the larger the number of possible combinations, and the smaller the chances of a random guess being correct. However, most ATMs keep the card and lock out the user if they get the PIN incorrect a certain number of times, so the odds of guessing the right PIN at an ATM in 3-5 attempts are pretty low. Your odds of success are n/10000 (assuming the PIN could be anything between 0000 and 9999) where n=the number of incorrect PINs the machine allows the user to enter before locking them out.

That doesn’t stop them from going to a store, using your card to make a purchase, and selecting “credit” on the machine, since you aren’t asked for a PIN when you do that. But in that case, a PIN with Graham’s Number of digits would be just as useless.

nm

Lots of varying characters don’t make a password safer. They make it harder to guess, and easier to disguise in some contexts, and sometimes it is easier to detect attempts to guess a password when there are rules applied.

A password is a secret. Tell it to someone else and it’s not a secret anymore.

Well, it’s only part of a two-factor authentication system–you need the physical card as well as the PIN in order to access the account. But yeah, it’s not really all that secure. That’s part of why there are daily limits on debit withdrawals–to limit the bank’s exposure and yours.

Because you can’t just keep trying other numbers, basically. After a small number of attempts, the card will be locked out and any attempt to use it will raise flags in various places.
Meanwhile, if you encrypt a file, say, with a password, and someone obtains a copy of the file, they can try all possible passwords at their leisure. In that case, you need a stronger password. (There’s no need for it to contain numbers or symbols or members of any particular set of possible characters, by the way. It just needs to be random enough and long enough.)
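
The contrast drawn in the post above, between a PIN checked by a system that counts failures and a secret protecting a file that can be copied and attacked at leisure, shown as an added example that is not part of the original thread. `LockingVerifier`, `protect`, the three-attempt limit and the PIN `7291` are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100    # kept low so the demo runs fast; a higher cost only scales the time linearly
MAX_ATTEMPTS = 3    # assumed lockout threshold (the thread mentions 3-5)
ALL_PINS = [f"{n:04d}" for n in range(10_000)]

def derive(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def protect(secret):
    """What someone holding a copy of the protected file has: salt + check value."""
    salt = os.urandom(16)
    return salt, derive(secret, salt)

class LockingVerifier:
    """Online check: every guess goes through a counter the guesser cannot reset."""
    def __init__(self, pin):
        self._salt, self._check = protect(pin)
        self.failures = 0

    @property
    def locked(self):
        return self.failures >= MAX_ATTEMPTS

    def verify(self, pin):
        if self.locked:                      # even the right PIN is refused now
            return False
        if hmac.compare_digest(derive(pin, self._salt), self._check):
            self.failures = 0
            return True
        self.failures += 1
        return False

def online_guessing(verifier, guesses):
    """Return (succeeded, attempts made) for a guesser limited to verify()."""
    attempts = 0
    for guess in guesses:
        if verifier.locked:
            break
        attempts += 1
        if verifier.verify(guess):
            return True, attempts
    return False, attempts

def offline_search(salt, check):
    """No counter applies to a copied file: the whole 10,000-PIN space is walked."""
    for n, pin in enumerate(ALL_PINS, start=1):
        if hmac.compare_digest(derive(pin, salt), check):
            return pin, n
    return None, len(ALL_PINS)
```

The same four digits stop a guesser after three tries behind the counter, and fall within 10,000 derivations once the check value can be tested without it.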

:confused: Where in the world is this true? Both debit and credit card transactions have required a PIN for some years now everywhere I’ve used them.

I have never used a PIN with a credit card at any time. Any credit card, ever.

In the US a PIN is only required for a debit transaction whereas with a credit transaction all you need is a signature that no one pays attention to anyways.

I live in the US and I’ve never had to enter a PIN for a credit card purchase. That includes simply selecting “credit” as opposed to “debit” on a credit card machine at a store, when using a debit card linked to a checking account.

Your first line of defense is the minimum-wage register biscuit who’s supposed to check your ID when you make a purchase with a credit card, and make sure that your name matches the one on the card.

It’s a pretty weak line of defense.

I don’t know if it’s still the case, but the last time I looked, checking an ID as a policy was against their merchant agreement (if there’s a problem, that’s different). They’re supposed to match the signature, but that’s it.
Also, while we’re here. If you write “SEE ID”, “CID”, “CHECK ID” or anything else like that on your card, it’s technically not valid. If you look at your card it says ‘not valid unless signed’ but that’s a whole 'nother thing.

They are absolutely not supposed to do this; most merchant agreements that I have seen specifically prohibit the practice.

I ask because my niece used an ATM at a casino to get some cash, and someone got the info and used it to buy stuff online. Is just having the card number sufficient to use a debit card to make purchases online?

Hmm, I wondered what that “credit or checking” option was when using cards in the US, I mean… can’t you tell, you stupid machine?? :slight_smile:

In the UK we switched over to the PIN system for both credit and debit cards about 7 years ago, and I thought we were behind the times (mainland Europe has had it for ages).

I never knew that. (And I’ve been asked plenty of times to show my ID.) Why is that?

The PIN wouldn’t be needed for online purchases.

The thing is, even if you’re using a debit card, you can still select “credit” and it will work. It still just deducts the money from your checking account, but you don’t have to enter a PIN. You just (in theory) have to show your ID and sign the receipt which will (again, in theory) be checked against the signature on the back of the card.

Still, I’ve heard that there’s some advantage to using the “credit” option. Someone told me that it can give a small boost to your credit rating since, as far as the system is concerned, you’re incurring credit card debt, and paying it at the same moment. I don’t know if that’s true, though.

Because using a credit card is all about speed. The credit card company wants you to be able to complete your transaction as quickly and conveniently as possible, so you use it more often. If you have to dig around for your ID or hit a minimum amount, you might just end up using cash. The credit card company is willing to take the risk of some bad charges in order to get more people to use their cards more often.

I don’t think that would be true since no one is going to report it to the credit bureaus.