Home
Organisation team
Photo
People(Members of action)
Report on facebook
Report on Twitter
History of Twitter
Leadership of Twitter
Appearance and features of Twitter
Usage of Twitter
Finances of Twitter
Technology of Twitter
Developers of Twitter
Society and Twitter
Television and Twitter
Contact



Personal identification number


A personal identification number (PIN), or sometimes redundantly a PIN number, is a numeric or alpha-numeric password used in the process of authenticating a user accessing a system.

The PIN originated with the introduction of the ATM in 1967, as an efficient way for banks to dispense cash to their customers. The first ATM system was that of Barclays in London, in 1967; it accepted cheques with machine-readable encoding, rather than cards, and matched the PIN to the cheque. 1972, Lloyds Bank issued the first bank card to feature an information-encoding magnetic strip, using a PIN for security.

In the context of a financial transaction, usually both a private "PIN code" and public user identifier is required to authenticate a user to the system. In these situations, typically the user is required to provide a non-confidential user identifier or token (the user ID) and a confidential PIN to gain access to the system. Upon receiving the user ID and PIN, the system looks up the PIN based upon the user ID and compares the looked-up PIN with the received PIN. The user is granted access only when the number entered matches with the number stored in the system. Hence, despite the name, a PIN does not personally identify the user. The PIN is not printed or embedded on the card but is manually entered by the cardholder during automated teller machine (ATM) and point of sale (POS) transactions (such as those that comply with EMV), and in card not present transactions, such as over the Internet or for phone banking.

One of the earliest ATM models was the IBM 3624, which used the IBM method to generate what is termed a natural PIN. The natural PIN is generated by encrypting the primary account number (PAN), using an encryption key generated specifically for the purpose. This key is sometimes referred to as the PIN generation key (PGK). This PIN is directly related to the primary account number. To validate the PIN, the issuing bank regenerates the PIN using the above method, and compares this with the entered PIN.

The VISA method is used by many card schemes and is not VISA-specific. The VISA method generates a PIN verification value (PVV). Similar to the offset value, it can be stored on the card's track data, or in a database at the card issuer. This is called the reference PVV.

To validate the PIN, the issuing bank calculates a PVV value from the entered PIN and PAN and compares this value to the reference PVV. If the reference PVV and the calculated PVV match, the correct PIN was entered.

Many PIN verification systems allow three attempts, thereby giving a card thief a putative 0.03% probability of guessing the correct PIN before the card is blocked. This holds only if all PINs are equally likely and the attacker has no further information available, which has not been the case with some of the many PIN generation and verification algorithms that financial institutions and ATM manufacturers have used in the past.

In 2002, two PhD students at Cambridge University, Piotr Zielinski and Mike Bond, discovered a security flaw in the PIN generation system of the IBM 3624, which was duplicated in most later hardware. Known as the decimalization table attack, the flaw would allow someone who has access to a bank's computer system to determine the PIN for an ATM card in an average of 15 guesses.

A mobile phone may be PIN protected. If enabled, the PIN (also called a passcode) for GSM mobile phones can be between four and eight digits and is recorded in the SIM card. If such a PIN is entered incorrectly three times, the SIM card is blocked until a personal unblocking code (PUC or PUK), provided by the service operator, is entered. If the PUC is entered incorrectly ten times, the SIM card is permanently blocked, requiring a new SIM card from the mobile carrier service.