iTnews

Wallet thieves have chance at guessing card PINs

By Staff Writers on Feb 24, 2012 5:50PM
British researchers calculate probabilities.

A "competent" thief could guess the four-digit PIN of one payment card in every 11-18 wallets they stole, according to University of Cambridge researchers.

The research [pdf] is based on a mathematical analysis of two leaked datasets combined with the results of a survey of 1177 people.

The research project aimed to estimate the difficulty of guessing a human-chosen four-digit PIN.

Banks and credit card operators often allow customers to change their PIN, rather than use a supplied number.

Of those surveyed by researchers, 1108 had a PIN with exactly four digits. About 63 percent said the PIN was the one supplied by the bank or was one from a previous bank.

Another 21 percent used "pseudo-random" digits extrapolated from a phone number or other identification number.

Of those users found to have "non-random PINs", the highest proportion used a date for their four-digit PIN. Common were birthdays (theirs or a partner's) or an important life event.

In percentage terms, nearly seven percent of those surveyed based their PIN on their birth date.

The researchers said the incidence of birth dates as PINs - and the fact a stolen wallet often contained forms of identification with birth dates - could make "manual guessing by thieves [a] worthwhile" exercise.

"A lost or stolen wallet will be vulnerable up to 8.9 percent of the time in the absence of denied PIN lists, with birthday-based guessing the most effective strategy," the researchers said.

Banks could ameliorate some risk by blacklisting PINs that match a birthdate or an otherwise common set of numbers, such as 1234, so that users cannot set them, the researchers said.

However, they also noted that "preventing birthday-based guessing requires a move away from customer-chosen PINs entirely".
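As an added illustration (not code from the researchers or from any bank), the sketch below shows the kind of denied PIN list check described above, applied when a customer requests a new PIN. The common-PIN list, the function names and the sample customer date are assumptions constructed for the example, and the check only covers dates the issuer already holds, which is why it cannot rule out a partner's birthday or another personal date.

```python
from datetime import date

# Constructed sample of commonly chosen PINs; a real list would come from
# the issuer's own data. These values are illustrative, not from the study.
COMMON_PINS = {"1234", "0000", "1111", "1212", "4321", "2580"}


def date_derived_pins(d: date) -> set[str]:
    """Four-digit strings that can be read directly off a date."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {dd + mm, mm + dd, yyyy, mm + yy, yy + mm, dd + yy, yy + dd}


def is_trivial_pattern(pin: str) -> bool:
    """True for one repeated digit or a run such as 1234, 4321 or 7890."""
    if len(set(pin)) == 1:
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def pin_rejection_reasons(pin: str, dates_on_file: list[date]) -> list[str]:
    """Return why a requested PIN is denied; an empty list means accept."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        return ["not exactly four digits"]
    reasons = []
    if pin in COMMON_PINS or is_trivial_pattern(pin):
        reasons.append("common or patterned PIN")
    if any(pin in date_derived_pins(d) for d in dates_on_file):
        reasons.append("derivable from a date on file")
    return reasons


if __name__ == "__main__":
    birth = date(1985, 3, 7)  # constructed customer record
    for candidate in ("0703", "1985", "1234", "7391"):
        print(candidate, pin_rejection_reasons(candidate, [birth]) or "accepted")
```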

Copyright © SC Magazine, Australia
