American Express reduces potential credit card PINs from 10,000 to 366
Incident Date: August 2003
Incident Location: USA
During the activation of an American Express credit card a customer discovered that the system would only accept four digit PINs that corresponded to dates. The automated system said that other customers liked the idea of using their motherís birthday as the PIN. The customer found that only dates in the format of MMDD were allowed. This restriction effectively reduced the total possible number of PINs from 10,000 to 366.
The customer was able to choose a PIN not meeting this standard by speaking with a customer service agent at American Express, but was cautioned against straying from this easily remembered format.
Title: American Express Security
Author: Nicholas Singer
Publication Location: USA
Publication URL: http://www.schneier.com/crypto-gram-0308.html
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.