Should one change the credit card PIN?
I recently got a new VISA credit card from a bank in Qatar. The system-generated PIN for the card came in a tamper-evident envelope by postal mail along with the card.
Following a well-known security best practice, I decided to change the PIN on the card immediately. So today, I went to my nearest ATM machine and inserted the credit card. There was no option to change the PIN from the ATM machine.
Puzzled,I went ahead to call the bank’s customer care unit at about 17:45 today, the 10th of January. An impolite, yet ignorant customer care agent answered my call and I had an interesting discussion. Here’s a re-collection from memory:
***
Me: I have a QIIB credit card and I want to change the PIN. How do I do that?
Customer Care Agent: You can’t change your PIN.
Me: What? What if I NEED to change the PIN
CCA: They will issue you a new card.
Me (more puzzled): What if someone sees my PIN and I want to change it immediately?
CCA: You have to contact your branch. They will cancel your card and issue you a new one.
Me: WOW. Is that your bank’s policy? Why??
CCA (stereotypically): This is from Credits Card Department – they told us like this.
Me: Usually, all banks tell us to change our PIN regularly – its safer.
CCA (rude, and arguing): No, no – THIS (not changing the PIN) is safer.
Me (agitated): What if I’m shopping with my credit card at a store and while I’m entering my PIN someone sees the PIN. What do I do?
CCA: You shouldn’t let others see your PIN.
Me: I know that. But what if someone sees it? (repeat) All banks ask us to change our PIN regularly for security purposes.
CCA: Didn’t you know about this when you applied for the card?
Me: No
CCA (rude and blunt): This is the year 2010. How come you don’t know?
(I should have probably asked him that question first)
Me: I know this is the year 2010. And I know that changing the PIN regularly is more secure. For your information, I work in the Information Security space and I know what I’m talking about!
Just tell me if it’s your bank’s policy not to allow changing PIN on credit cards?
CCA: Yes. that’s the policy.
Me: OK – that’s all I want to know, I already know it’s 2010. Good bye.
***
That was a thoroughly agitating experience.I don’t know if all banks follow this policy, but to me this is ridiculous. I’m leaving this thread open to your comments – write a comment below on what you think about this encounter and the PIN change policy.
As for me, I’ve decided to keep a lower credit limit and use the card solely for online shopping, where I don’t need to enter a PIN.
Shijaz Abdulla is a Partner Technology Advisor at Microsoft, helping their top tier partners build on their Microsoft practice. He is also a trusted advisor to medium enterprise customers in Qatar. He is a blogger, tech enthusiast, and a Microsoft evangelist.
#Creditcard #fraud discussion with Ignorant QIIB customer care agent – http://tinyurl.com/yghkwwg #Qatar
Bank says don't change credit card PIN, ever! – http://www.microsoftnow.com/2010/01/should-one-change-the-credit-card-pin.html
This stunning example show the lack of security awareness among bank customer service representatives.
i have the same exp from doha bank.. im using doha bank CC from last 4 years.i used the first PIN untill they changed the card after two years. Now im using the same pin from last one and half year……
I have same experience with my Credit card(Visa) from Ahli united bank Bahrain,
I think its a regional thing. The bank I’m talking about in this post is Qatar International Islamic Bank.
These banks should be taught about security from scratch!
Poorest policy ever!!
I work in a bank and am over our debit cards. This cusotmer service rep and the bank,if that is truly their policy, is NUTS! Of course you should be able to change your PIN. The bank should never know what your pin is, this could create fraud within their card department. Image this….I work in the card dept and have access to all your personal info that is required nowadays…this mean your card number, your name and address, your phone, mothers maiden name, SSN and what do you know…your PIN. The only thing I dont have is your 3 digit number on back. Well I can just make a card and use it where that number isnt needed, no problem. I suggest to our customers, change your PIN once a year. (BTW, they tell us what they want the first time for a PIN one is not issued)We mark thru the PIN with a black marker, scan the doc so you can not see thru the marker, and shred the original form. Tomas…there is great customer service out there. you just have to shop around.
This is clearly the most insane non-secure bank I have ever heard off. I would get me money out there ASAP.
I have lived in 3 countries and banked at more than 20 banks. The most common policy I have ever had is typcially.
1. Receive new card in mail.
2. Call bank computer to activate card.
3. Set the PIN I want to use with card.
This is rediculous, I have changed my PIN a few times and know for a fact that most banks do incorrage you to change it. That bank either has a really stupid employee or they need to change their policy.