Should one change the credit card PIN?

by Shijaz Abdulla on 10.01.2010 at 18:50

I recently got a new VISA credit card from a bank in Qatar. The  system-generated PIN for the card came in a tamper-evident envelope by postal mail along with the card.

Following a well-known security best practice, I decided to change the PIN on the card immediately. So today, I went to my nearest ATM machine and inserted the credit card. There was no option to change the PIN from the ATM machine.image credit:

Puzzled,I went ahead to call the bank’s customer care unit at about 17:45 today, the 10th of January. An impolite, yet ignorant customer care agent answered my call and I had an interesting discussion. Here’s a re-collection from memory:


Me: I have a QIIB credit card and I want to change the PIN. How do I do that?

Customer Care Agent: You can’t change your PIN.

Me: What? What if I NEED to change the PIN

CCA: They will issue you a new card.

Me (more puzzled): What if someone sees my PIN and I want to change it immediately?

CCA: You have to contact your branch. They will cancel your card and issue you a new one.

Me: WOW. Is that your bank’s policy? Why??

CCA (stereotypically): This is from Credits Card Department – they told us like this.

Me: Usually, all banks tell us to change our PIN regularly – its safer.

CCA (rude, and arguing): No, no – THIS (not changing the PIN) is safer.

Me (agitated): What if I’m shopping with my credit card at a store and while I’m entering my PIN someone sees the PIN. What do I do?

CCA: You shouldn’t let others see your PIN.

Me: I know that. But what if someone sees it? (repeat) All banks ask us to change our PIN regularly for security purposes.

CCA: Didn’t you know about this when you applied for the card?

Me: No

CCA (rude and blunt): This is the year 2010. How come you don’t know?

(I should have probably asked him that question first)

Me: I know this is the year 2010. And I know that changing the PIN regularly is more secure. For your information, I work in the Information Security space and I know what I’m talking about!

Just tell me if it’s your bank’s policy not to allow changing PIN on credit cards?

CCA: Yes. that’s the policy.

Me: OK – that’s all I want to know, I already know it’s 2010. Good bye.


That was a thoroughly agitating experience.I don’t know if all banks follow this policy, but to me this is ridiculous. I’m leaving this thread open to your comments – write a comment below on what you think about this encounter and the PIN change policy.

As for me, I’ve decided to keep a lower credit limit and use the card solely for online shopping, where I don’t need to enter a PIN.

Digitally sign your email for free

by Shijaz Abdulla on 03.07.2007 at 10:05

Thawte gives away free personal email certificates at their website.

A thawte Personal E-mail Certificate in conjunction with the thawte Web of Trust allows you to secure and guarantee authorship of your e-mail communications by digitally signing and encrypting your e-mails.

IN SHORT: A personal email certificate lets you digitally sign all your outgoing email so that the recipient knows that you sent it!

Click here to get a certificate.

A word of caution here, read everything carefully whilst you apply for digital certificate. Remember the password and the question-answer pairs otherwise you will *never* be able to get another certificate for the same email ID. Also keep your password totally secret – a recipient can take you to court for documents that appear to be digitally signed by you, but was in reality signed in your name by an identity thief!