

Ask HN: Why is Target storing PIN numbers? - whyme

I obviously don&#x27;t understand the merchant process as well as I had thought since I had always believed the PIN was only used during the transaction for validation. I was surprised when I discovered, via the Target story, that companies are actually storing my PIN to disk.<p>I&#x27;m seriously wondering why no one else is asking this question in the news, and I&#x27;m considering changing my PIN every week now.
======
ColinWright
Reports are that it was malware on the Point-of-Sale devices:

[http://www.businessinsider.com/target-credit-card-
hackers-20...](http://www.businessinsider.com/target-credit-card-
hackers-2013-12)

------
GnarfGnarf
Target did not store the PINs. Storing PINs is forbidden by the PCI (Payment
Card Industry) rules. If a merchant stores PINs or CVCs (Card Verification
Code), he will lose access to the credit card system, and can't sell nuthin'
no more.

The PINs were skimmed by malware in the POS devices.

Changing your PIN periodically is not a bad idea.

~~~
whyme
The scale of the attack had me thinking the PINs were taken from a server. I
feel much better with the answers provided here, but yeah, I'm still going to
start changing my PIN periodically. At what frequency I'll have to see...

Thanks for all the answers.

------
t0
I think it was a man-in-the-middle attack, so everything _during the
transaction_ was stolen.

