Where's my PIN number stored?

Is the PIN number on my debit/credit cards stored on the card itself in an encrypted form?

Or is it held on a central database somewhere and verified over a network when I type it in?

I can see either would work, but can’t decide which is more vulnerable.

In the UK, the PIN is stored on the card - I’m not sure if it’s encrypted or hashed or something, but for a four-digit number, encryption is not necessarily going to achieve much anyway.

Neither. It’s derived from your account number, which is then encrypted with 3DES and offset. The derived number is then sent to an HSM (a secure computing device inside every ATM) which verifies it is correct.

I gleaned this information from a talk given by a guy who specialises in finding weaknesses in these protocols. Here are some slides from a talk that he gave our class.

How could you change your PIN if this were true?

How the hell could it be on the card or have anything to do with the account number when all I have to do to change it is send in a letter or stop by the bank and they’ll change my PIN without touching my card or changing my account number.

I believe it is implemented differently elsewhere, but in the UK, it’s stored on the card - this has been quite widely criticised as a security flaw.

Judging from the facts that

  • I could not get a card with the same PIN as a replacement when my bank card broke mechanically
  • I could get money (albeit only to the standard limit) from ATMs that said they had no connection to their bank’s server

it seems to me that

  • the unencrypted PIN is stored nowhere (i.e. the bank does not know it themselves after they mailed the PIN letter to me)
  • the encrypted PIN is stored on the card itself.

I have read of cards in some countries that allow customer-selected PINs (a user-friendly feature, obviously), but those seem to store a constant, encrypted PIN plus an unencrypted user-defined numerical offset to that PIN on the card.

That sucks. So you don’t get to choose your own PIN when you apply for the card or open the account? What if you want to change it occasionally? You can’t change the number? All my cards except one have the same PIN.

This is definitely different here - my replacement cards have the same PIN (so the bank must have it stored somewhere, in some form); also, I can use it in machines that have no network connection (portable credit card terminals at a trade show, for example).

You can change it at the ATM - which I suppose is a good thing, in a way, since it doesn’t require disclosing the new PIN to a human.

Oh that’s neat. Seems more convenient too.

I kind of wish they’d let us have two PINs though - one for using the card in a shop and another for the ATM - if anyone manages to see me type in my PIN when I buy something, then follows me and picks my pocket, they can withdraw money from my account.

No one looked at the thread title and screamed inside, “It’s not a PIN number!”?
At least there wasn’t a follow-up ATM machine comment. :wink:

Things have changed; it used to be on the card itself, and there are banks where this is still the case. For the most part, however, it is now stored within the bank and can be changed without ever seeing or touching the card.

I’ve been told that it was a speed issue; it’s due to the fact that more ATM machines have switched their communication method from a dial-up connection to broadband. This is also the reason why most ATM machines are now able to give you an updated or correct balance, which wasn’t always the case in the past, especially in smaller banks.

So if your bank is smaller or just behind the times, it’s possible that the PIN is still encrypted on the card rather than at the bank level.

I found this:

From here: Google Answers: How do credit cards work?
Scroll down about half way.

I don’t see that the actual PIN has to be stored anywhere. The way I imagine PIN generation works is: Bank’s computer generates PIN; prints PIN in secure envelope to send to you; generates hash of PIN + account number (for example; something that is also stored on your card, anyway); stores hash on bank’s computer and your card; discards PIN.
Unless that’s what you meant by “stored in some form”.

I find this unconvincing as a security measure. Just how secure can this one-way cryptographic system be, given that a PIN is only 4 digits long? Surely if you had the cipher and the key, you could just try all 10,000 possible PINs to see which PIN converted into the correct cipher. You could do that in a matter of seconds with the right software. There’d be no need to work the encryption in reverse at all.

You still have to authenticate the hash against the bank’s database. They would notice very quickly if you try more than a few authentication attempts on the same account in a short time.

They could also include some “salt”, a random number to be combined with the PIN before hashing.
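An added example (not from any poster in this thread) of the natural-PIN-plus-offset scheme the earlier replies describe (the PIN derived from the account number under a 3DES key, the stored offset that makes a PIN change possible without touching the account number) and of why the 10,000-guess worry above is answered by the verifier, not the cryptography. HMAC-SHA256 stands in for the 3DES encryption a real HSM would use; the key, account number, validation-data layout, decimalisation table and lockout threshold are all constructed for this example.

```python
import hashlib
import hmac

# Constructed decimalisation table (hex digit -> decimal digit), the step that
# turns the encrypted account data into digits in the 3624-style offset scheme.
DECIMALISE = str.maketrans("0123456789abcdef", "0123456789012345")
MAX_ATTEMPTS = 3          # hypothetical lockout threshold for the verifier
failed_attempts = {}      # account number -> consecutive wrong entries


def natural_pin(pvk: bytes, account: str, length: int = 4) -> str:
    """Derive the 'natural' PIN from the account number under the PIN
    verification key (PVK). Stand-in: HMAC-SHA256 replaces the 3DES
    encryption a real HSM would apply; the structure is otherwise the same."""
    validation = account[-12:].rjust(12, "0") + "0000"   # hypothetical layout
    digest = hmac.new(pvk, validation.encode(), hashlib.sha256).hexdigest()
    return digest.translate(DECIMALISE)[:length]


def pin_offset(pvk: bytes, account: str, customer_pin: str) -> str:
    """Offset = customer PIN minus natural PIN, digit by digit mod 10. This is
    the only PIN-related value stored (on the card or at the host): changing
    the PIN just rewrites the offset, and the offset alone says nothing about
    the PIN to anyone without the PVK, which never leaves the HSM."""
    nat = natural_pin(pvk, account, len(customer_pin))
    return "".join(str((int(c) - int(n)) % 10) for c, n in zip(customer_pin, nat))


def verify_pin(pvk: bytes, account: str, offset: str, entered: str) -> bool:
    """HSM-side check: rebuild the expected PIN from natural PIN + offset and
    compare in constant time; refuse after MAX_ATTEMPTS consecutive failures,
    which is what makes an online search of all 10,000 PINs impractical."""
    if failed_attempts.get(account, 0) >= MAX_ATTEMPTS:
        return False
    nat = natural_pin(pvk, account, len(offset))
    expected = "".join(str((int(n) + int(o)) % 10) for n, o in zip(nat, offset))
    ok = hmac.compare_digest(expected, entered)
    failed_attempts[account] = 0 if ok else failed_attempts.get(account, 0) + 1
    return ok


if __name__ == "__main__":
    pvk, account = b"constructed-test-pvk", "4000123456789010"   # constructed
    offset = pin_offset(pvk, account, "1234")
    print("stored offset:", offset, "verify 1234:", verify_pin(pvk, account, offset, "1234"))
    print("after a PIN change to 5678 the offset becomes:", pin_offset(pvk, account, "5678"))
```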

I think I agree that it doesn’t have to be, but it is.