Using birth dates or addresses in PIN codes

I have a relative with numerous cards - credit cards, government program cards, etc. All of these cards share one thing in common - they all have the same PIN code. Not only the same PIN code, but the 4 digit code is birthday related. My question - shouldn’t the software that is used to allow someone to pick a code also reject anything birthday, address, or phone number related? Doesn’t a code like that make it too easy to use the card if stolen or lost?

I’m guessing here, but I suppose the software that checks if the chosen PIN is sufficiently secure has no access to the database of personal data such as address and birthday. It would in itself be a vulnerability if it had such access.

The fact that your relative is letting people know that their cards all have the same birthday-derived PIN strikes me as a bigger security risk than the fact that they do all have the same birthday-related PIN.

I’m not sure about that. The PIN comes into play when someone has the physical card in their possession. And your birthday is on your driver’s license, which is quite likely to come into their possession at the same time.

If most people don’t do this, a thief wouldn’t suspect you do.

But relying on psychology when you can simply not provide them with the information does not seem like a good plan.

But if some people do do it, then a thief might try this approach:

First, take all the cash out of the wallet. Find an ATM, then as a first guess at the PIN, try their mmdd birthday off their driver’s license. If that doesn’t work, as a second guess try their 4-digit street address. If that doesn’t work, try 1234 and if that works withdraw as much as you can. If nothing works & the machine eats the card go steal another wallet.

Seems like a very low percentage plan

8068 is the least popular PIN. So if we all used 8068 we could put an end to this kind of fraud overnight.

You forgot "try ‘Joshua’ ".

This is from 2010, but claims that 20% of people use their birthday.

One in five use birthday as PIN number.

I don’t disagree.

But given that you’re a thief and have someone’s wallet with ATM card, driver’s license, and perhaps a couple other cards, how do you maximize the value to you of that ATM card?

Of course one can up the criminal ante by going to the address on the driver’s license, doing a home invasion, then dragging the victim to the ATM at gunpoint. But as a non-violent criminal I’d prefer a less up close and personal form of theft.

So maybe it’s not so dumb to use your birthday as your PIN. The pickpocket gets their money right away, no home invasion ensues, and the bank eats the loss.

Or would the bank hold you liable if they checked and discovered your PIN was your birthday or 1234? I think you’d have a pretty strong case that the bank should have barred you from using it at the time you selected your PIN if they didn’t like it.

Don’t most ATMs have cameras? I’d be surprised if many thieves even bother trying to use a stolen card at an ATM.

Why not just put on a hoody and mask?

My now-deceased first wife was a banking attorney.

You’d be amazed at how much ATM fraud and theft goes on despite the very obvious camera staring back at you as you face the machine. Plus, at least for ATMs on bank premises, the other cameras watching the approaches to the ATM.

Street criminals are many things. In general, smart and careful are not in their repertoire. Same applies for amateur 16yo delinquents with Mom’s card. Some folks do a good job hiding their face with hat & glasses & such. Most of them smile big for the camera they’re not thinking of while it matters.

Heh heh. You said “doo-doo.”

Indeed, something like one’s birth date or street address makes a very bad PIN from a security standpoint, since they are so easily guessed by anyone who has access to this information. (Although I admit I’ve done this in situations where I was required to have a PIN but I wasn’t worried about its security.)

On the other hand, a PIN consisting of a random sequence of digits with no significance is also a bad idea if it means you can’t remember it so you write it down and keep it with your card.

Aha! I can exclude any numbers that have any significance when I try to crack your PIN.

Interesting number paradox - Wikipedia

The wife of one of my former co-workers worked in a bank. (Which annoyed him to no end because we’d all assume he as a result could answer all these bank-type questions.)

She once mentioned that one of her jobs was reviewing camera footage when people disputed their withdrawals, back in the early ’90s when ATMs first became widely available. The problems fell into two categories mainly - the client themselves, but so obviously drunk you could tell it on camera and they had no memory of that; or their teenage kids, who knew where mommy kept her cards and were smart enough to figure out the PIN - either shoulder-surfing or mommy told them because the little angels wouldn’t steal, would they?

Or there was a fellow who blithely complained to us that the bank had put a delay on his deposits being accessible after he put $5 in an envelope and told the ATM it was a $50 deposit so he could withdraw $50. He didn’t see why they did that.

My PIN was for years the same one assigned to me randomly by a different bank when I first got an ATM card in the late 80’s. Similarly, my password for email for decades was a variation on the first Compuserve password assigned to me randomly - had to change some non-letters depending on what special characters were acceptable. I just never share that.

People who use something familiar remind me of the story of how people like Paris Hilton got hacked - the guy in Romania just read up about them on websites, tried all sorts of things, and allegedly the name of her dog (who appeared in many of her online photos) was her password. At the very least, add a variation of 99!$ at the end.

When I was setting up usernames at my job, I used to tell people the first task was to change their password - and if they use one of their children’s names, “your other kids will eventually find out your password and know who your favourite is…” Worse yet is “Mom!? You like to dog better than me?”

Please tell me that’s a typo.