Personal Identification Numbers (PINs) help to reduce fraud with Automatic Teller Machine (ATM) and debit cards — and even with credit cards, to a certain extent. Usually, when you issue these types of cards to your customers, you also send them a PIN or give them the ability to choose their own PIN. This feature provides an additional layer of security from fraudulent transactions.
How Do PINs Work?
When someone makes a purchase with a debit card or withdraws cash with an ATM card, the card reader takes information about the account from the card. Traditionally, a magnetic strip featuring millions of tiny particles holds this information, but now, most cards have Europay Visa Mastercard (EMV) chips, which contain similar details. The magnetic strip holds static information, while the EMV chip creates a one-time code with the information needed to access the consumer’s account.
The ATM or point-of-sale (POS) equipment gathers information from the card and sends it, along with the amount of the transaction, to the card issuer’s bank. As an additional verification step, the machine requests the card’s PIN; once the PIN is entered correctly, the issuing bank approves the transaction and withdraws the funds from the cardholder’s account so they can be dispatched to the merchant’s account.
How Do PINs Reduce Fraud?
In the above scenario, the transaction cannot be processed without the correct PIN. If a thief steals someone’s ATM or debit card, they can’t withdraw funds or make purchases because they don’t have the PIN. This fact helps to reduce the potential for fraud.
Are All Debit Cards Secured with PINs?
All debit cards come with a PIN, but the PIN is not required in every situation. When you put a debit card into an ATM, you cannot withdraw money, check your account balance, or do anything else without entering the PIN associated with the card. Similarly, when you run a debit card through a POS card reader, you may also have to enter the PIN to complete the transaction.
However, not all instances require a PIN to be entered. With some POS terminals, cardholders can also choose to run debit cards as credit cards. In these situations, they don’t have to enter the PIN, but they may have to sign for the transaction. Additionally, some merchants set up their systems so that purchases under a certain amount can be approved automatically without a signature or a PIN.
In most cases, if you’re making a purchase online, you don’t have to enter the card’s PIN. Instead, you enter the card number, expiration date, and the cardholder’s name. In some cases, you may also be prompted to enter the billing address for the card and the three-digit security code on the back of the card. This setup allows thieves to use debit cards for online purchases without knowing their PINs.
Chip-and-PIN Vs. Chip-and-Signature
With the rise of EMV chips, the two main fraud prevention tools for debit cards have become chip-and-PIN or chip-and-signature. These two options offer different levels of security for cardholders and financial institutions.
In 2015, the United States started using EMV chips. Card issuers were required to put these chips in debit and credit cards, and merchants had to upgrade to POS equipment that could read the chips. This technology was popular in much of the world long before it was adopted in the United States. In most of the world, chips were paired with PINs. Whether consumers were using a credit or debit card, they had to enter a PIN.
However, the United States did not take this route. Instead, the country veered toward chip-and-signature transactions. The chip itself made transactions more secure, but not requiring a PIN sacrificed some degree of security. This may be one of the reasons the United States endures a disproportionate amount of credit and debit card fraud than other countries.
Most Common PINs
PINs can prevent a lot of fraud from happening. In particular, if a thief takes a card but doesn’t have the PIN, they can’t drain money from your customers’ accounts at the ATM and they will also struggle to make in-person purchases. Unfortunately, however, many people use PINs that can be easily guessed by thieves and scam artists.
While some PINS are six digits, the majority of PINs are four digits long. Four digits gives you the opportunity to make 10,000 different PIN numbers. However, when researchers reviewed 3.4 million PINs, they discovered that many cardholders weren’t being creative with their 10,000 different options. Instead, researchers saw the same easy-to-guess PINs over and over again. Approximately 11% of cardholders use 1234 as their PIN, another 6% use 1111, and 1.8% of people use 0000.
Based on this data, if a thief has a debit or ATM card and they try the three most popular PINs, they have an 18.8% chance of being able to access that account. That’s nearly a one-in-five chance of success. Often, people use their birth dates — which are also relatively easy for thieves to find out. Cardholders need to understand the importance of choosing a secure PIN to avoid degrading the security features of the card. If you run a financial institution, you should reach out to your customers about this issue.
Tips for Safeguarding PINs
To ensure your financial institution gets the most benefits possible from PINs, make sure that your PIN generating practices are secure. You should never mail PINs to customers with their cards. Rather, the PINs should always be sent separately.
If you like, you can allow customers to select their own PINs, but randomly generated PINs tend to be more unique and harder for thieves to guess. If you let customers choose their own PINs, urge them to stay away from popular numbers like the ones listed above or 0007, 2001, or obvious patterns such as choosing 9713 (the corner numbers on a keypad).
Also, give customers a few tips on how to safeguard their PINs. Ideally, they should know to only use ATMs if they have space and privacy from the next person in line. They may want to use their free hand to block the hand putting in the PIN if they need extra privacy from employees, security cameras, or other customers in a store. They should also check for skimmers and be sure never to give their PIN over the phone or online.
A PIN offers a lot of security against debit card fraud, but it is not a flawless fraud protection tool. To truly protect your financial institution and your customers, you need the right products, services, and solutions. To find out how SQN Banking Systems can help you detect and reduce fraud, contact us today.