CONTINUE TO SITE »
or wait 15 seconds

Blog

Double-encrypted PINs provide extra layer of protection in breaches

January 6, 2014 by Dan Kramer — Senior Vice President, Marketing & Merchant Servic, SHAZAM

As Target breach updates continue to roll out, PIN compromise is among the hot topics. The question as to whether PINs were exposed in the holiday-season incident gained steam when JPMorgan Chase imposed limits on daily ATM withdrawals for affected cards.

Target has since confirmed that PINs were compromised, but insists hackers will be unable to crack the encryption code that protects them.

Understandably, consumers are nervous that a PIN compromise could put their money at even greater risk, as counterfeit artists can more quickly and easily steal cold hard cash from an ATM. It’s much easier to swipe an odd-looking counterfeit card at an ATM than to hand it over to a store clerk. But it’s not possible to walk away from that ATM with money unless the fraudster also knows the PIN associated with their counterfeit card.

Not many consumers understand the level of encryption that accompanies a PIN as it travels through the payments system. Unlike much of the mag-stripe data on a credit or debit card, PINs are essentially double encrypted, making them extremely difficult for hackers to read even if they do gain access to them.

PINs are first encrypted at the point of sale. They are then encrypted a second time as they travel from the processor back to the merchant for verification of available funds.

This is among the reasons that the PIN remains one of the most secure authentication methods available. It’s also one of the reasons card-not-present fraud remains as high as it is. Because acceptance of PIN in online environments is minimal, fraudsters can more easily access the accounts of their victims via e-commerce.

Most cardholders affected by the Target breach have likely been contacted by their issuing financial institution and may also be protected with real-time fraud prevention tools that will decline suspected transactions immediately upon attempt.

Bottom line, all consumers should feel safe continuing to use their debit cards and their PINs at the ATM and the POS.

Shazam continues to monitor the situation and provide customer updates. In addition, the company will waive fees associated with compromised card issuance and reduce the cost of plastics to customers for affected cards.

Read more about security.

About Dan Kramer

None

Connect with Dan:

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'