Many companies featured on Money advertise with us. Opinions are our own, but compensation and
in-depth research may determine where and how companies appear. Learn more about how we make money.

Published: May 28, 2021 6 min read
Forgetful man stands atop a giant asterisk representing a secret pin number that he has forgotten.
Rangely Garcia / Money

So you forgot your PIN.

Maybe you've been relying on your credit card because of the stronger protections and rewards it offers compared to your debit card. Maybe you all but stopped shopping IRL because of the pandemic. Or maybe your brain yeeted it out of your memory for no reason.

Regardless, you're PIN-less, annoyed and asking, why do we need PINs, anyway? And why do financial institutions make them so hard to change?

Well, there's a good reason. Paul Benda, senior vice president for operational risk and cybersecurity at the American Bankers Association, says a PIN — formally, a personal identification number — is the authenticator that makes sure the person who’s using the card is legit.

“It’s kind of like your fingerprint on your phone or the pattern you use to unlock your phone,” Benda says. “It ensures that whoever holds that item is the one authorized to use it.”

Mathematically, there are 10,000 possible ways the numbers 0 through 9 can be used to create a four-digit PIN. If a bad guy can put in three random PIN guesses before the system locks them out, that theoretically means he has a 0.03% chance of guessing correctly and accessing money that doesn’t belong to him.

Here's everything you need to know about how PINs work and what to do if you forget yours.

Ads by Money. We may be compensated if you click this ad.AdAds by Money disclaimer
Protect yourself from the threat of Identity Theft
With comprehensive and affordable Identity Theft Protection software, Aura will secure your personal information. Click your state to get the protection you deserve.
HawaiiAlaskaFloridaSouth CarolinaGeorgiaAlabamaNorth CarolinaTennesseeRIRhode IslandCTConnecticutMAMassachusettsMaineNHNew HampshireVTVermontNew YorkNJNew JerseyDEDelawareMDMarylandWest VirginiaOhioMichiganArizonaNevadaUtahColoradoNew MexicoSouth DakotaIowaIndianaIllinoisMinnesotaWisconsinMissouriLouisianaVirginiaDCWashington DCIdahoCaliforniaNorth DakotaWashingtonOregonMontanaWyomingNebraskaKansasOklahomaPennsylvaniaKentuckyMississippiArkansasTexas
Protect My Identity

How PINs prevent fraud

When you enter your PIN into an ATM or card reader, Benda says, the card company or financial institution it's linked to can quickly — and securely — match up your code to your account. Because of this, it’s important to keep your PIN secret.

Cyndie Martini, the president and CEO of Member Access Processing, says that’s long been the message. Martini worked in a credit union’s card processing department in the ‘90s, and part of her job was to encourage members to keep their accounts secure — “don’t share your PIN, make sure people don’t see your PIN, and, really, don’t trust anyone with your PIN.”

In fact, Martini says in the early years, fraudsters would steal debit cards out of mailboxes and come back seven to 10 days later to take the piece of paper containing the PIN.

Why banks are so secretive about PINs

PINs are such a high-security subject that financial institutions typically make customers call or, in some cases, physically come in to reset their PIN.

“There is so much fraud committed now on cards that financial institutions need to be extra careful in how they manage any type of security request,” Martini adds.

On top of that, bank representatives generally can’t access your PIN even if they want to. They’re not being annoying because they think it’s dumb that you forgot your super-important bank code. They can’t tell you what your PIN is because they genuinely don’t know it.

The mechanics vary by bank. Some allow you to reset your PIN via an app, but the most risk-averse “will require voice and verification and standard PIN mailing or a reset that takes a process to make sure that you, the consumer, are not going to bear any kind of fraud from that transaction,” Martini says.

Other providers can reset your PIN with a little machine in-house, but often they can only change it to something generic — not tell you what it used to be.

Ads by Money. We may be compensated if you click this ad.AdAds by Money disclaimer
Having your identity stolen online may come at a high cost
With Aura in your corner, you'll have the proper software to protect your every online move. Nowadays, we all need Identity Theft Protection. Find yours by clicking below.
View Plans

What to do if you forget your PIN

If you lose or forget your PIN, and think a criminal could use it to access your account, Benda says to contact your bank immediately.

What you shouldn’t do is change your PIN to something easy to remember — this isn’t secure. A data scientist analyzed 3.4 million leaked PINs a few years ago, and he found that nearly 11% of PINs were 1234. Another 6% were 1111. Also in the top 20 most popular PINs were 0000, 1212 and 7777.

Bottom line? If used properly, PINs are safe, and financial institutions make people who forget them jump through hoops for safety reasons.

The landscape is changing with the introduction of biometrics, which Martini says “are definitely the way of the future.” ATMs will eventually start using fingerprints, face scans and palm readings to verify your identity. But PINs probably aren’t going away anytime soon.

More from Money:

Criminals Are Selling Millions of Stolen Credit and Debit Card Numbers on the Dark Web

Why Companies Ask for Your Billing and Shipping Addresses (and Why They Actually Matter)

'Will That Be Debit or Credit?' The Answer Is Trickier Than You Think