American Express reduces potential credit card PINs from 10,000 to 366

Incident Date: August 2003
Incident Location: USA

During the activation of an American Express credit card a customer discovered that the system would only accept four digit PINs that corresponded to dates. The automated system said that other customers liked the idea of using their motherís birthday as the PIN. The customer found that only dates in the format of MMDD were allowed. This restriction effectively reduced the total possible number of PINs from 10,000 to 366.

The customer was able to choose a PIN not meeting this standard by speaking with a customer service agent at American Express, but was cautioned against straying from this easily remembered format.


Story Sources

Title: American Express Security
Author: Nicholas Singer
Date: 8/15/2003
Publication: Crypto-Gram
Publication Location: USA
Publication URL: http://www.schneier.com/crypto-gram-0308.html


Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.

<-- Back to Authentication Story Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com