
Personal identification number

A personal identification number (PIN), or sometimes redundantly a PIN number, is a numeric or alpha-numeric password used in the process of authenticating a user accessing a system.

The problem with guessable PINs surprisingly worsens when customers are forced to use additional digits, moving from about a 25% probability with fifteen numbers to more than 30% (not counting 7-digits with all those phone numbers). In fact, about half of all 9-digit PINs can be reduced to two dozen possibilities, largely because more than 35% of all people use the all-too-tempting 123456789. As for the remaining 64%, there's a good chance they're using their Social Security Number, which makes them vulnerable. (Social Security Numbers contain their own well-known patterns.)

The personal identification number has been the key to the flourishing of private data exchange between different data-processing centers in computer networks for financial institutions, governments, and enterprises. PINs may be used to authenticate banking systems with cardholders, governments with citizens, enterprises with employees, and computers with users, among other uses. In common usage, PINs are used in ATM or POS transactions, secure access control (e.g. computer access, door access, car access), internet transactions, or to log into a restricted website.

The PIN originated with the introduction of the automated teller machine (ATM) in 1967, as an efficient way for banks to dispense cash to their customers. The first ATM system was that of Barclays in London, in 1967; it accepted cheques with machine-readable encoding, rather than cards, and matched the PIN to the cheque. In 1972, Lloyds Bank issued the first bank card to feature an information-encoding magnetic strip, using a PIN for security.
James Goodfellow, the inventor who patented the first personal identification number, was awarded an OBE in the 2006 Queen's Birthday Honours. In the early 1970s, Mohamed Atalla invented a hardware security module dubbed the 'Atalla Box', a security system which encrypted PIN and ATM messages, and protected offline devices with an unguessable PIN-generating key. He founded Atalla Corporation (now Utimaco Atalla) and introduced the 'Atalla Box' in 1973. His work led to the use of PIN-based hardware security modules. The Atalla Box's PIN verification process was similar to that of the later IBM 3624. The Atalla Box is still widely used, as of 2016. By 1998 an estimated 70% of all ATM transactions in the United States were routed through specialized Atalla hardware modules, and by 2003 the Atalla Box secured 80% of all ATMs in the world, increasing to 85% as of 2006.

In the context of a financial transaction, usually both a private 'PIN code' and a public user identifier are required to authenticate a user to the system. In these situations, the user is typically required to provide a non-confidential user identifier or token (the user ID) and a confidential PIN to gain access to the system. Upon receiving the user ID and PIN, the system looks up the PIN based upon the user ID and compares the looked-up PIN with the received PIN. The user is granted access only when the number entered matches the number stored in the system. Hence, despite the name, a PIN does not personally identify the user. The PIN is not printed or embedded on the card but is manually entered by the cardholder during automated teller machine (ATM) and point of sale (POS) transactions (such as those that comply with EMV), and in card-not-present transactions, such as over the Internet or for phone banking.
The international standard for financial services PIN management, ISO 9564-1, allows for PINs from four up to twelve digits, but recommends that for usability reasons the card issuer not assign a PIN longer than six digits. The inventor of the ATM, John Shepherd-Barron, had at first envisioned a six-digit numeric code, but his wife could only remember four digits, and that has become the most commonly used length in many places, although banks in Switzerland and many other countries require a six-digit PIN.

There are several main methods of validating PINs. The operations discussed below are usually performed within a hardware security module (HSM). One of the earliest ATM models was the IBM 3624, which used the IBM method to generate what is termed a natural PIN. The natural PIN is generated by encrypting the primary account number (PAN), using an encryption key generated specifically for the purpose. This key is sometimes referred to as the PIN generation key (PGK). This PIN is directly related to the primary account number. To validate the PIN, the issuing bank regenerates the PIN using the above method, and compares this with the entered PIN.
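The natural-PIN generation and regenerate-and-compare validation described above, as an added Python sketch that is not part of the original article and not IBM's or any HSM vendor's code. Assumptions: HMAC-SHA-256 stands in for the DES-family encryption an HSM would perform, the validation data is taken as the rightmost 16 PAN digits, and the decimalization step (a table mapping each hex digit of the ciphertext to a decimal digit) is part of the IBM 3624 method but is not described in the text above; the function names, sample PAN and key are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Decimalization table of the IBM 3624 method: hex digit value -> decimal digit.
DECIMALIZATION_TABLE = "0123456789012345"

def validation_data(pan: str) -> bytes:
    """Assumed layout: rightmost 16 PAN digits packed as 8 BCD bytes."""
    digits = pan.replace(" ", "")
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 16:
        raise ValueError("PAN must contain at least 16 decimal digits")
    return bytes.fromhex(digits[-16:])

def keyed_block(pgk: bytes, block: bytes) -> bytes:
    """Stand-in for the HSM's block cipher: HMAC-SHA-256 cut to 8 bytes."""
    return hmac.new(pgk, block, hashlib.sha256).digest()[:8]

def natural_pin(pan: str, pgk: bytes, length: int = 4) -> str:
    """Derive the natural PIN: encrypt the PAN data, decimalize, truncate."""
    if not 4 <= length <= 12:  # ISO 9564-1 range quoted above
        raise ValueError("PIN length must be 4 to 12 digits")
    hex_digits = keyed_block(pgk, validation_data(pan)).hex()
    decimal = "".join(DECIMALIZATION_TABLE[int(h, 16)] for h in hex_digits)
    return decimal[:length]

def verify_pin(pan: str, pgk: bytes, entered: str, length: int = 4) -> bool:
    """Issuer-side check: regenerate the PIN and compare in constant time."""
    if len(entered) != length or not (entered.isascii() and entered.isdigit()):
        return False
    return hmac.compare_digest(natural_pin(pan, pgk, length), entered)

def digit_weights() -> dict:
    """How many of the 16 hex values map to each decimal digit."""
    return dict(Counter(DECIMALIZATION_TABLE))

if __name__ == "__main__":
    # Constructed sample values, not real card data or a real key.
    pan = "4000 0012 3456 7899"
    pgk = bytes.fromhex("00112233445566778899aabbccddeeff")
    pin = natural_pin(pan, pgk)
    print(pin, verify_pin(pan, pgk, pin), digit_weights())
```

With this table the digits 0 to 5 each map from two hex values and 6 to 9 from one, so natural PINs are not uniformly distributed over the decimal digits.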
