FlexiPIN takes aim at phishers, skimmers

Will this Australian security prototype protect bank customers from hackers?

An Australian inventor says his flexible personal identification number is the answer to baffle cyber crooks and ATM skimmers.

The FlexiPIN is a form of two-factor authentication that exercises its user's intellectual muscles rather than relying on a device such as a mobile phone or a token.

The user needs to know four numbers, as they would with a traditional PIN, but these are combined using a formula in different ways each time the user enters their authentication details. Users registered with their financial institution or e-commerce provider prior to first using the FlexiPIN to determine their formula and other details.

Inventor Gabby Molnar said the system relied on the user being able to do simple mathematics in their head to access their account.

"A person who tested my program works for the police and she had her card skimmed not so long ago - she's about 28 years old and she had no problems whatsoever," Molnar said. "She said it's even easier to remember than her regular PIN."

The user chooses two numbers and then a formula (such as adding the first integer of the PIN to the minute displayed on screen) and from those selects where the resulting sum is placed in the PIN's chain.

Molnar said that using such a system it would be safe to share FlexiPINs with friends for one-time transactions and keystroke loggers would be powerless because the keys would be different each time.

He said the probability of guessing the code was 7000 to one.

Molnar, who had a background developing e-commerce websites, wanted to speak to banks and providers of physical security systems to licence to them the concept on which a patent is pending.