Paul Guthrie writes:
Well, I have to disagree with Steve here. Although I’m sure there are
counterexamples, banks don’t use ATM PIN #s for online banking. In
fact PINs are kept away from anything that doesn’t use *hardware
encryption*. As you pointed out, much of this is mandated by the ATM
network rules.
Paul’s generally correct re: use of PIN’s for online banking access — although the practice seems to vary bank by bank. BITS published a white paper last month titled Fraud Prevention Strategies for Internet Banking. The white paper recommends (p.17) that a self-selected Internet password (up to 20 characters) should be used to replace use of the PIN post-authenticating the customer for online account access.