PIN Scandal 'Worst Hack Ever'
QuietLagoon writes "The evolving Citibank PIN scandal is getting worse with each passing day. Gregg Keizer of TechWeb News writes: 'The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs 'the worst consumer scam to date.' ... The problem...is that retailers improperly store PIN numbers after they've been entered, rather than erase them at the PIN-entering pad. Worse, the keys to decrypt the PIN blocks are often stored on the same network as the PINs themselves, making a single successful hack a potential goldmine for criminals: they get the PIN data and the key to read it.'"
I couldn't tell you, but I wouldn't feel much safer with a longer PIN code. If someone gets your card number, what's the chance they'll guess the right one out of 10,000 before the bank shuts the card down? If someone steals a bunch of PIN numbers from a computer system, it doesn't really matter if they are 4 digits or 9 digits - the end result is the same. The one advantage I can see with longer PIN numbers is that they'd be harder to shoulder surf, but like I said, that wouldn't make me feel much safer. I think a better question is when ATMs will start using two-factor authentication.