PersonalisedPIN - Security
The PersonalisedPIN solution provides a secure environment for cardholders to select a PIN. Features such as trivial PIN checking prevent cardholders from selecting insecure PINs such as 1111, 1234 or 9876.
The Customer Select PIN (CSP) system uses tamper-resistant equipment such as Hardware Security Modules (HSMs) and encrypting PINpads, and cryptographically secure processes for key initialisation and key management. Data is encrypted prior to transmission, and the integrity of the transmitted data is verified upon receipt.
The challenge in using ATMs for PIN change
• A major concern is the lack of security in a public environment. Customers may have difficulty completing the PIN change process because they are unfamiliar with it. In a worst-case scenario, they might ask for assistance from people in the waiting queue. Unscrupulous shoulder surfers could observe the entry of the new PIN.
• With unattended devices, i.e. an ATM, it could be more difficult to communicate to customers why insecure PINs, e.g. sequential numbers such as 1234, are being rejected.
• ATMs cannot instantly re-issue a lost or stolen card.
• ATMs cannot change a forgotten PIN, or valid cards.
The risks of sending new cards and the inconvenience to customers
• Avoid theft and all risks associated with sending a card through the postal system with MillenTech’s PersonalisedPIN system. PersonalisedPIN reduces the risk of replacement by offering an in-branch solution in which the card is handed directly to the customer.