Why Are ATM Card PINs Usually Just 4-Digit Long?

Unless you’ve been living under a rock, you surely have a bank account. And these days, that is synonymous with having an ‘ATM card’ or a debit/credit card. As you already know, in order to use such cards in ATMs or at POS (point of sale) terminals in grocery stores or supermarkets, you have to authenticate it using a unique 4-digit number known as a PIN (Personal Identification Number).

You cannot use an credit/debit card at an ATM if you don’t know its PIN.

You have almost certainly observed another rather interesting thing about these PINs – the fact that they are usually just 4 digits in length. One would expect that the card PIN, which protects your entire bank account, and, in turn, stores your hard-earned money, would be much more complicated… but it’s not!

On the other hand, the numerous accounts that you have on the Internet usually urge you or even compel you to choose hard-to-guess passwords that consist of various special characters.

In fact, if you have access to the ‘Internet banking’ feature of the very same account, you’d know that the bank website makes it mandatory for you to choose a password that consists of at least one numeric digit and a special character. Also, many banks go a step further and make it mandatory for you to change your passwords every 2-3 months! Clearly, banks want to make sure that you choose a very ‘intelligent’ password for your online account, so why are most ATM card PINs (usually) just 4 digits long?

Methods of authentication

The major forms/techniques of security revolve around these three things: something you are, something you know and something you have.

In some places, you are granted/denied access to highly confidential areas following a retinal scan. Retinal tests, like fingerprint tests, tongue print tests etc. fall under the realm of biometrics (something you are).

Ratina Scan

Retinal scans fall under ‘something you are’. (Photo Credit : Cpl. Christopher O’Quin / Wikimedia Commons)

Similarly, the passwords to your online accounts fall under ‘something you know’. Finally, an ATM card comes under the category of ‘something you have’.

When you have an ATM card and its PIN with you, you check two of those three types of security, i.e. ‘something you have’ (the card itself) and ‘something you know’ (the PIN). Therefore, banks and financial institutions allow you to have just a 4-digit PIN, as it’s comparatively easier to remember than a 6- or 7-digit one. However, it also makes the PIN (a little) more vulnerable to attempts of brute forcing, but that’s a tradeoff between convenience and a limited threat.

Brute forcing ATM PINs

Brute forcing is an attempt to determine a password by systematically trying every possible combination of numbers, alphabetic numerals and symbols until the correct combination is arrived at.

Brute forcing is a common way to hack passwords. (Photo Credit : PSU.EDU)

Brute forcing in the case of ATM PINs would mean that a hacker would try combinations like 0000, 0001, 0002, 0003 and so on. They could also try the most commonly used PINs first, like 1234, 4321, 2222, 9999 etc. until they arrive at the right combination and hit the jackpot (pun intended).

Why ATM PINs are (relatively) safe against brute forcing?

Fortunately for users of ATM cards, banks establish a limit as to how many times one can enter an incorrect PIN while using your card. Thus, if you enter wrong PINs three times in a row, your card will likely get blocked (at least for that day). Then you have to actually go to the bank and get a new card.

This means that a person would first have to have your card, and they would then get only 3 attempts to gain access to your account. Although tools do exist that make brute forcing relatively easier than what it appears on the surface, for an average person (who somehow got their hands on your card), determining your 4-digit PIN through pure guessing is very, very unlikely.

One does nt simply determine someone else's atm pin by guessing meme

That’s why banking institutions allow their ATM PINs to be just 4 digits in length. However, it doesn’t mean that you should choose a 4-digit PIN. The more digits you add to your PIN, the safer it gets (although it becomes a little harder to remember too). For that reason, many banks make it mandatory for their users to choose 6-digit PINs.

John Shepherd-Barron

This British inventor named John Shepherd-Barron pioneered the development of the Automatic Teller Machine aka ATM.

John Shepherd-Barron

John Shepherd-Barron (Photo Credit : hk01)

Initially, Barron also proposed 6-digit PINs, but when he tested this system on his wife, Caroline, she told him that the longest string of numbers that she could remember was 4. Consequently, he switched from 6-digit PINs to 4-digit ones, and ATMs became more popular. It wasn’t long before 4-digit PINs became the world standard.

References

  1. The University of Virginia
  2. University of California, Santa Cruz
  3. Information Technology – University of Florida
  4. The University of Arizona, Tucson, Arizona
  5. Washington University in St. Louis
The short URL of the present article is: http://sciabc.us/PInKB
Help us make this article better
About the Author:

Ashish is a Science graduate (Bachelor of Science) from Punjabi University (India). He spends a lot of time watching movies, and an awful lot more time discussing them. He likes Harry Potter and the Avengers, and obsesses over how thoroughly Science dictates every aspect of life… in this universe, at least.

.
Science ABC YouTube Videos

  1. Why Do You Hear A Rumbling Sound When You Close Your Eyes Too Hard?
  2. Hawking Radiation Explained: What Exactly Was Stephen Hawking Famous For?
  3. Current Vs Voltage: How Much Current Can Kill You?
  4. Coefficient Of Restitution: Why Certain Objects Are More Bouncy Than Others?
  5. Jump From Space: What Happens If You Do A Space Jump?
  6. Does Earth Come To The Same Spot Every Year On Your Birthday?
  7. Bird Strike: What Happens When A Bird Strikes An Aircraft?
  8. Google Maps Secrets: How Exactly Does Google Maps Work?

Get more stuff like this
in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.