Nudging Bank Account Holders Towards More Secure PIN Management

AuthorGutmann, Andreas; Renaud, Karen; Volkamer, Melanie
TypeConference Proceedings
AbstractThe memorability of PINs is an enduring security issue. This is especially pertinent in the context of banking, where technical systems evolve more slowly than in other contexts (e.g. many mobile phone operating systems have adopted alternative authentication mechanisms). Banking customers who struggle to memorise all their PINs often record them, sometimes insecurely, flying in the face of advice from their banks. Banks respond to memorisation difficulties by permitting customers to change their PINs. The reality is that both recording and changing unwittingly weakens the mechanism by increasing predictability. Yet trying to forbid these coping strategies is futile. It is far better to acknowledge the prevalence of such behaviours and to try to nudge people towards more secure PIN management. In this paper, we suggest a way of achieving this.
InJournal of Internet Technology and Secured Transaction (JITST), p.380 - 386
PublisherInfonomics Society