So you forgot your PIN.
Maybe you've been relying on your credit card because of the stronger protections and rewards it offers compared to your debit card. Maybe you all but stopped shopping IRL because of the pandemic. Or maybe your brain yeeted it out of your memory for no reason.
Regardless, you're PIN-less, annoyed and asking, why do we need PINs, anyway? And why do financial institutions make them so hard to change?
Well, there's a good reason. Paul Benda, senior vice president for operational risk and cybersecurity at the American Bankers Association, says a PIN — formally, a personal identification number — is the authenticator that makes sure the person who’s using the card is legit.
“It’s kind of like your fingerprint on your phone or the pattern you use to unlock your phone,” Benda says. “It ensures that whoever holds that item is the one authorized to use it.”
Mathematically, there are 10,000 possible ways the numbers 0 through 9 can be used to create a four-digit PIN. If a bad guy can put in three random PIN guesses before the system locks them out, that theoretically means he has a 0.03% chance of guessing correctly and accessing money that doesn’t belong to him.
Here's everything you need to know about how PINs work and what to do if you forget yours.
How PINs prevent fraud
When you enter your PIN into an ATM or card reader, Benda says, the card company or financial institution it's linked to can quickly — and securely — match up your code to your account. Because of this, it’s important to keep your PIN secret.
Cyndie Martini, the president and CEO of Member Access Processing, says that’s long been the message. Martini worked in a credit union’s card processing department in the ’90s, and part of her job was to encourage members to keep their accounts secure — “don’t share your PIN, make sure people don’t see your PIN, and, really, don’t trust anyone with your PIN.”
In fact, Martini says in the early years, fraudsters would steal debit cards out of mailboxes and come back seven to 10 days later to take the piece of paper containing the PIN.
Why banks are so secretive about PINs
PINs are such a high-security subject that financial institutions typically make customers call or, in some cases, physically come in to reset their PIN.
“There is so much fraud committed now on cards that financial institutions need to be extra careful in how they manage any type of security request,” Martini adds.
On top of that, bank representatives generally can’t access your PIN even if they want to. They’re not being annoying because they think it’s dumb that you forgot your super-important bank code. They can’t tell you what your PIN is because they genuinely don’t know it.
The mechanics vary by bank. Some allow you to reset your PIN via an app, but the most risk-averse “will require voice and verification and standard PIN mailing or a reset that takes a process to make sure that you, the consumer, are not going to bear any kind of fraud from that transaction,” Martini says.
Other providers can reset your PIN with a little machine in-house, but often they can only change it to something generic — not tell you what it used to be.
What to do if you forget your PIN
If you lose or forget your PIN, and think a criminal could use it to access your account, Benda says to contact your bank immediately.
What you shouldn’t do is change your PIN to something easy to remember — this isn’t secure. A data scientist analyzed 3.4 million leaked PINs a few years ago, and he found that nearly 11% of PINs were 1234. Another 6% were 1111. Also in the top 20 most popular PINs were 0000, 1212 and 7777.
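The 0.03% estimate earlier assumes every PIN is equally likely, and the leaked-PIN shares above show that it is not. The Python sketch below is an added example, not part of the original article: it compares the two figures and shows a reset-time check that rejects the kinds of PINs the article names. The function names are hypothetical, and the three pattern rules are assumptions that generalize from the five PINs listed above.

```python
from fractions import Fraction

PIN_SPACE = 10_000            # four digits, 0000 through 9999
ATTEMPTS_BEFORE_LOCKOUT = 3   # lockout threshold used in the article
# Shares quoted in the article ("nearly 11%", "another 6%"), rounded as stated.
QUOTED_SHARES = {"1234": Fraction(11, 100), "1111": Fraction(6, 100)}


def uniform_exposure(attempts=ATTEMPTS_BEFORE_LOCKOUT):
    """Chance that `attempts` distinct guesses hit a PIN chosen uniformly at random."""
    return Fraction(attempts, PIN_SPACE)


def popular_pin_exposure(shares=QUOTED_SHARES, attempts=ATTEMPTS_BEFORE_LOCKOUT):
    """Lower bound on the share of cardholders whose PIN is among the
    `attempts` most popular values, using only the shares we know."""
    top = sorted(shares.values(), reverse=True)[:attempts]
    return sum(top, Fraction(0))


def weak_pin_reason(pin):
    """Return why a PIN should be rejected at reset time, or None if it passes."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        return "not exactly four digits"
    if len(set(pin)) == 1:
        return "single repeated digit"            # 1111, 0000, 7777
    if pin[:2] == pin[2:]:
        return "repeated pair"                    # 1212
    # Step between neighbouring digits, modulo 10 so 7890 counts as a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        return "run of consecutive digits"        # 1234, 4321, 7890
    return None


if __name__ == "__main__":
    print(f"uniform PINs:  {float(uniform_exposure()):.2%}")
    print(f"quoted shares: at least {float(popular_pin_exposure()):.0%}")
    for candidate in ("1234", "1111", "0000", "1212", "7777", "4821"):
        print(candidate, "->", weak_pin_reason(candidate) or "ok")
```

With only the two shares the article quotes, the lockout limit leaves at least 17% of cardholders exposed, against 0.03% if PINs were chosen at random.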
Bottom line? If used properly, PINs are safe, and financial institutions make people who forget them jump through hoops for safety reasons.
The landscape is changing with the introduction of biometrics, which Martini says “are definitely the way of the future.” ATMs will eventually start using fingerprints, face scans and palm readings to verify your identity. But PINs probably aren’t going away anytime soon.