 | Hi y’all —
My brain has many flaws. Aside from its apparent inability to produce serotonin, it also has this annoying habit of permanently saving random stuff in my memory.
I’m not talking about normal things like the preamble to the Constitution or the interjection song from Schoolhouse Rock. I’m talking about truly absurd, never-gonna-need-to-know-this facts, like the specific manner in which Nick Jonas used to eat his cheeseburgers, the exact outfit I wore on my first day of eighth grade, and all the words to Aaron Carter’s “That’s How I Beat Shaq.”
The problem is that because my brain is full of this information, there’s no room for actual data I need to retain. Take my ATM PIN, for example. If I misplace my PIN, it’s a whole thing: I have to call the bank, prove my identity, admit to my mistake, wait for a new PIN in the mail…. it takes a long time, and for some reason they’ll never let me fix it online.
I decided to investigate. What should I do if I forget my PIN? Why is it so hard to reset?
I contacted Paul Benda, senior vice president for operational risk and cybersecurity at the American Bankers Association, to get a peek behind the curtain. Benda told me that a PIN — formally, a personal identification number — is the authenticator that makes sure the person who’s using the card is legit.
“It’s kind of like your fingerprint on your phone or the pattern you use to unlock your phone,” Benda says. “It ensures that whoever holds that item is the one authorized to use it.”
Mathematically, there are 10,000 possible ways the numbers 0 through 9 can be used to create a four-digit PIN. If a bad guy can put in three random PIN guesses before the system locks them out, that theoretically means he has a 0.03% chance of guessing correctly and accessing money that doesn’t belong to him. | When I enter my PIN into an ATM or card reader, Benda says that the card networks have a secure way of matching up my code to my account. (It’s kind of like the billing address process from last week.) Because of this, it’s important to keep my PIN secret.
Cyndie Martini, the president and CEO of Member Access Processing, told me that’s long been the message. Martini worked in a credit union’s card processing department in the ‘90s, and part of her job was to encourage members to keep their accounts secure — “don’t share your PIN, make sure people don’t see your PIN, and, really, don’t trust anyone with your PIN.”
In fact, Martini said in the early years, fraudsters would physically wait by mailboxes if they knew somebody was getting a new debit card in order to steal it. Then they’d come back 7 to 10 days later to take the piece of paper containing the PIN.
“In the beginning, if you had a card and you had a PIN, you essentially had complete access to that individual’s funds, which is a scary thing,” Martini adds.
That’s why banks try to separate my PIN info from my card info. That’s also why Home Depot made such a point about how no debit PIN numbers were compromised in the statement it made after its 2014 data breach. (Spoiler: Fraud happened anyway.)
PINs are such a high-security subject that financial institutions typically make customers call or, in some cases, physically come in to reset their PIN.
“There is so much fraud committed now on cards that financial institutions need to be extra careful in how they manage any type of security request,” Martini adds.
On top of that, bank representatives generally can’t access the algorithm to generate a random PIN. They’re not being annoying because they think it’s dumb that I forgot my super-important bank code. They can’t tell me what my PIN is because they genuinely don’t know it.
The mechanics vary by bank. Some allow me to reset my PIN via an app, but the most risk-averse “will require voice and verification and standard PIN mailing or a reset that takes a process to make sure that you, the consumer, are not going to bear any kind of fraud from that transaction,” Martini says. Other providers can reset my PIN with a little machine in house, but often they can only change it to something generic — not tell me what it used to be.
If I lose my PIN and I think a criminal could use it to access my account, Benda says to contact my bank immediately. Ditto if I just forget it.
What I shouldn’t do is change my PIN to something easy to remember — this isn’t secure. A data scientist analyzed 3.4 million leaked PINs a few years ago, and he found that nearly 11% of PINs were 1234. Another 6% were 1111. Also in the top 20 most popular PINs were 0000, 1212 and 7777. |  | (but please don't tell me you scrolled past all of my hard work)
If used properly, PINs are hella safe, and financial institutions make people who forget them jump through hoops for safety reasons.
The landscape is changing with the introduction of biometrics, which Martini says “are definitely the way of the future.” ATMs will eventually start using fingerprints, face scans and palm readings. But PINs probably aren’t going away anytime soon, so I should memorize mine. | | check out this crazy celebrity purchase | Rapper Nicki Minaj wore a $50 pair of pink Crocs in an Instagram post last week. Oh, and did I mention that they were dripping with Chanel diamond Jibbitz? The shoe decorations are so exclusive and expensive that I couldn’t even find a ballpark estimate of how much they cost. Anyway, Minaj’s photo caused pink Crocs sales to surge nearly 5,000%. My, my, my, my — the Barbz want to be pelican fly. | | five things I'm loving online right now | | 1 | I’m obsessed with LOVETRIS, a remix of the puzzle game Tetris that always gives you the exact block you need to get rid of a line. Gizmodo put it best: “The unpredictable challenge is what makes the game so addictive, but sometimes that’s not what you’re after. For those times when you’re in desperate need of a win, playing Lovetris is like giving an addled brain a soothing massage.” Who doesn’t want that? | | 2 | Guys. There is a place in England called The Golden Retriever Experience that is literally a big meadow where you can go and hang out with a bunch of Golden retrievers for eight hours and oh my God I think I need to travel there immediately. | | 3 | Check out this cool website that lets you see what the internet (specifically, sites like The New York Times and YouTube) looked like 10 years ago. | | 4 | Letter of recommendation for r/tinyanimalsonfingers, which is a subreddit just for — you guessed it — tiny animals on fingers. Recent posts include photos of a tiny starfish on finger, a tiny gecko on finger and a tiny swordfish on finger. | | 5 | Do I need this Taylor Swift letterman jacket-style folklore sweatshirt? Yes, right? (Don’t look at the price, thanks.) | | | send me cute pictures of your pets, please | | Meet Cinnamon (middle name Bun), a rescue chihuahua mix. Cinnamon loves the beach, belly rubs and peanut butter. Only her snaggle tooth is privy to her pawsonal identifurcation number. | See you next week.
Julia
P.S. I loved your replies to last issue about moving/shipping/billing addresses. Scholar Judy said her daughter’s addresses have appeared on her credit report before, and Scholar Steve is on his own address-changing journey because he just moved after 26 years in the same house. Scholar Mary wrote in to say that her first stimulus check got mailed to the wrong address — but thankfully, it was just the vacant lot next door.
P.P.S. Have you ever forgotten something important? What’s the smallest animal you’ve ever seen? How much would you pay for diamond-studded Crocs? Dolla Scholla holla at your scatterbrained correspondent by emailing julia.glum@money.com or tweeting @SuperJulia. | | | This newsletter is free because Money earns a commission when you click or make purchases from the links in this email and on our site. We also receive compensation for some of the products and services featured in this message. Offers may be subject to change without notice. Learn more about how we make money.
Privacy Policy • Advertise With Us • We're Hiring!
To stop receiving these emails, unsubscribe or manage your email preferences.
Copyright ©2021 Ad Practitioners, LLC. All rights reserved.
Metro Office Park Calle 1, Building 7 Suite 204, Guaynabo, 00968 Puerto Rico, USA
| | | | | |
