

Bank says you cannot change your Pin code - rajib

I recently got a new bank account from S-Pankki (https://www.s-pankki.fi/); they sent me the card and PIN code by post. When I wanted to change the PIN code it wasn't possible to do so. I asked them how to change it, and they replied: "@rajibmp If you forgot your pin code, we can send you the same one. If you lost the code, you can order a new card with a new pin."

I'd like to know what the security measures might be behind this kind of approach of not letting users change their own PIN code. (I know I can ask them, and I did, but I am looking for general views regarding cyber security with these kinds of practices.)
======
nmc
In most cases, the PIN is not directly related to the card: the link only
exists in the bank database. So it should be technically possible to change
it. Some banks allow it in some countries, and may even _recommend you
regularly change your PIN_ for security reasons.

However, such a policy may introduce a security breach. Some banks allow you to
change PINs at an ATM (after you already entered the original PIN), but with
some other banks you can change PINs _by phone_ and _without giving the
original PIN_. Maybe your bank just chose the easy way to avoid all those
questions.

~~~
rajib
Yes, but this approach means the PIN code has the lifetime of its card. If my
girlfriend peeks at me typing my PIN while paying at a counter, I have to hide
my card from her reach for 3 years just to avoid extra charges or ordering a
new card. :D

On a serious note, the bank staff who pack my PIN to send it again will already
know my PIN; how can this be secure? Shouldn't the bank encrypt the PIN codes in
their database? So, if I lost my PIN they would issue a new one and store its
encrypted value in the database?

~~~
nmc
_> this approach means the Pin code has lifetime of its card_

Of course, that's the big downside of not allowing PIN change. If the PIN is
compromised, then the card is compromised. However, from my experience the
re-issuing of a compromised card was always free.

_> Shouldn't bank encrypt the Pin codes in their database?_

Well, encryption is two-way: there is decryption. I assume you meant "salted
hash" here — which is only one-way.

If PINs are encrypted, they can be re-issued if you forgot them. However, you
are right, it means (some of) the bank staff can decrypt them.

If PINs are hashed, they can only be issued once — if you forget your PIN, you
will have to ask for a new one. But this is a lot more secure:

- no one can ever know your PIN by accessing the bank data

- this prevents mistakes like what happened in the Adobe breach (a unique
private key for all passwords)
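The hashed-versus-encrypted trade-off nmc describes, as an added example that is not part of the original thread and not any bank's actual code. It assumes a bank-side record per card holding only a random salt and a PBKDF2 digest (no plaintext PIN), a three-attempt lockout like the one a card applies, and an ATM-style change that requires the old PIN first. The `unsalted_digest` helper is there only to show the Adobe-type failure: with no per-record salt, two customers who chose the same PIN get identical stored values, so one leak exposes both. One caveat the post does not mention: a four-digit PIN has only 10,000 possible values, so a salted hash by itself does not stop an offline guess against a leaked record; the attempt counter (and, at real issuers, keeping PIN verification inside an HSM) is what actually carries the security.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 100_000   # slows offline guessing; assumption, not a bank's setting
MAX_ATTEMPTS = 3              # typical card lockout after three wrong PINs


@dataclass
class PinRecord:
    """What the bank keeps: salt + one-way digest, never the PIN itself."""
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    blocked: bool = False


def _derive(pin: str, salt: bytes) -> bytes:
    # One-way: the digest cannot be turned back into the PIN, which is exactly
    # why a forgotten PIN cannot be "sent again" under this scheme.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS)


def store_pin(pin: str) -> PinRecord:
    """Create the bank-side record for a PIN with a fresh random salt."""
    salt = secrets.token_bytes(16)
    return PinRecord(salt=salt, digest=_derive(pin, salt))


def issue_pin(length: int = 4) -> Tuple[str, PinRecord]:
    """Generate a random PIN for the mailer plus the record the bank keeps.
    The plaintext is returned exactly once and is not stored anywhere."""
    pin = "".join(secrets.choice("0123456789") for _ in range(length))
    return pin, store_pin(pin)


def verify_pin(record: PinRecord, attempt: str) -> bool:
    """Constant-time check with lockout; a blocked record never verifies."""
    if record.blocked:
        return False
    ok = hmac.compare_digest(record.digest, _derive(attempt, record.salt))
    if ok:
        record.failed_attempts = 0
    else:
        record.failed_attempts += 1
        if record.failed_attempts >= MAX_ATTEMPTS:
            record.blocked = True
    return ok


def change_pin(record: PinRecord, old_pin: str, new_pin: str) -> Optional[PinRecord]:
    """ATM-style self-service change: only allowed after the old PIN verifies.
    Returns the replacement record, or None if the old PIN was wrong."""
    if not verify_pin(record, old_pin):
        return None
    return store_pin(new_pin)


def unsalted_digest(pin: str) -> str:
    """The mistake to avoid: no per-record salt means equal PINs collide."""
    return hashlib.sha256(pin.encode()).hexdigest()


if __name__ == "__main__":
    pin, rec = issue_pin()
    print("PIN printed on the mailer once:", pin)
    print("verify correct PIN:", verify_pin(rec, pin))
    for guess in ("0000", "1111", "2222"):
        print("wrong guess", guess, "->", verify_pin(rec, guess), "blocked:", rec.blocked)
    # Two customers with the same PIN: unsalted values are identical, salted ones differ.
    a, b = store_pin("1234"), store_pin("1234")
    print("unsalted collide:", unsalted_digest("1234") == unsalted_digest("1234"))
    print("salted collide:", a.digest == b.digest)
```

Run it to see the lockout trip on the third wrong guess and the salted records of two identical PINs come out different; note that nothing in the record lets an operator recover the PIN, which is the property the comment above calls "a lot more secure".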

~~~
rajib
>If PINs are hashed, they can only be issued once — if you forget your PIN,
you will have to ask for a new one. But this is a lot more secure:

This is what I was talking about: if an encrypted PIN can be decrypted by bank
staff, then it can be decrypted by others as well. I was surprised to hear
they'll send me the same PIN by post in readable format. It's something like: I
am the admin of this website and I will know whatever password users enter, so
when users forget their password I'll send it to them via email.

I believe banks and financial institutions should apply as secure a method as
possible. Sending the PIN by post in readable format is not secure at all
(given that you cannot change the PIN again).

~~~
nmc
I mostly agree. Two nuances:

- they will assure you that the PIN re-issuing process is completely
automated, and no employee has the authority to actually read your PIN; nice
touch, but you still have to take their word for it

- they will immediately block your card whenever you request it

So I think the most common rationale about this is along the lines of:

1. Some clients will inevitably compromise their PIN

2. Thus we need the system to be very good at dealing with compromised PINs

3. So we do not need to be extra careful about PINs, because we are good at
handling compromised PINs

Do not forget they are a bank. Their main and unique goal is PROFIT. Nothing
else matters, they only see the financial aspects of things.

