I have just been sent a new credit card after the previous plastic was cloned and fraudulently used.
Now I know a random number is a random number, but I laughed aloud when I scratched off the PIN mailer to see "1111".
Apparently 20% of all PINs are accounted for by 0000, 1111, and 1234, so I'll change it.
I am genuinely surprised that the top-ranking sequences aren't excluded from the default numbers issued. Assuming professional fraudsters are likely to try it, a 20% chance of cracking the code in three goes isn't acceptable security.
Incidentally, the cloned card has never been out of my sight during a transaction. I'm pretty sure it was cloned by swiping at a fuel station about a month ago - I did the usual chip and PIN thing and it rejected, and the assistant just took the card out and swiped it through the reader. The three fraudulent transactions were all swipes, not chip and PIN.