More manifestation of my idiocy. Or is it?
Today I tried to withdraw money from my Canadian bank account at one of these neat Japanese ATMs that support, among others, the Plus ATM network … only to realise that I cannot recall my PIN - for the 5th fucking time. I tried only a second time because I was afraid the third time would invalidate my bank card. And why do I have such a high tendency to forget my PIN? It’s because I almost never use it. I almost always rely on my credit card and web banking (the password for which is a lot more secure, yet easier to remember, than my PIN). Furthermore, as a security paranoiac, I never write down my PIN and I don’t use any part of my address, telephone number, or birthday as my PIN.
Thank god I remember the PIN to my Hong Kong bank account, which by chance is also Plus ATM compatible. So I withdrew money from my HK bank account instead. Problem solved.
It still bugs me that many banks still rely on 4- to 6-digit PINs though. What’s the biggest temptation for non-security-conscious people when creating such a PIN? I’m just guessing, but I’m probably not far off: a birthday or the last digits of a telephone number. Why haven’t banks switched to biometrics already? It’s more secure and more convenient than the PIN anyway. Border control in many countries already uses fingerprints (+ facial recognition between Hong Kong and China). Considering that some countries are paranoid about terrorists, if border control can rely on biometrics to identify people, why can’t banks use the same technology for stuff that is not even immediately life-threatening? Cost does not seem to be a valid impediment to implementing biometrics at ATMs. Who says banks must replace all ATMs at once? Can’t they start by installing a new one at every branch (or the biggest ones) first, and slowly phase out the old, PIN-only models?
Am I missing something?

September 3rd, 2007 at 11:03 am
Well, it’s mostly for legacy reasons. While there are banks in the world that do most of their business online, some don’t even have client cards! The Plus system took lots of effort to get everybody to agree on a standard and use it. Now, if we are to change things, we’d have to start that from scratch. It’s not a technology problem, it’s another one of these “people problems”.
Also, the security context in the day wasn’t quite what we have today. The PIN doesn’t have to be 100% secure, since possession of the card is also part of the authentication. Obviously, today’s realities have changed, people are actually cloning these cards, and if the system were to be redesigned today, I am pretty sure many things would be done differently.