Payment security
May 27, 2024

What is a 3D secure PIN?


The idea for the world's first ATM has an unusual genesis.

Its inventor, John Shepherd-Barron, thought it up while in the bath in 1967:

"It struck me there must be a way I could get my own money, anywhere in the world or the UK. I hit upon the idea of a chocolate bar dispenser, but replacing chocolate with cash."

- 'The man who invented the cash machine' (BBC News, 2007)

The world's first personal identification number (PIN) was invented alongside it. It was used to identify codes written on cheques that were placed in the ATMs.

Payments have come a long way since then. But ultimately, they are still about helping people access and spend their money, anywhere in the world. And many of them still rely on PINs.

What is a 3D Secure PIN?

A 3D Secure PIN (3DS PIN) is a 6-digit numeric code used by a cardholder to authenticate an online card payment that uses the 3D Secure protocol.

Its purpose is to help verify a cardholder's identity to their issuing bank when they make an online purchase.

Like regular PINs used at physical points of sale (POS) or ATMs, 3D Secure PINs make card payments safer, protect funds and give customers more confidence in the transaction they are initiating.

How does a 3D Secure PIN work?

Each time a cardholder wants to pay online, they must input or confirm their card details. This places an additional step into the transaction process. They are taken to a new screen and prompted to request a one-time password (OTP) or PIN.

An issuing bank might request any of the following confirmation methods:

  • A one-time password. If the cardholder is asked to supply this, it will be sent at the same time to the appropriate mobile phone number or email address.
  • A pre-set PIN/password. This is a predetermined password created when a card was registered for 3D Secure. It might have been chosen by the customer or provided by the issuing bank.

In each case, the customer simply needs to enter the PIN to proceed with their payment to a merchant.

6-digit PIN codes vs 4-digit PIN codes

ATMs and in-store point-of-sale PIN codes usually require only four digits. These can produce 10,000 different potential combinations.

This low number of digits has the advantage of being easy to remember. However, this can also be a disadvantage, as it means the PIN is easier for others to remember, too.

A six-digit PIN, on the other hand, has 1,000,000 potential combinations. However, some research suggests that six-digit PINs do not significantly improve security over four-digit PINs.

The main reason is that users tend to use similar, easy-to-remember PINs. For example, the top 5 most common six-digit PINs are:

  1. 123456
  2. 654321
  3. 111111
  4. 000000
  5. 123123

Knowing this makes fraud attempts easier for criminals. They can simply enter the most common PINs. These days, setting PINs with repeated or sequential numbers is generally not permitted.
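A check of the kind described above, rejecting repeated and sequential PINs when a cardholder sets one, can be sketched as follows. This is an added example, not code from the article or from any issuer; the rule set (repeated blocks, runs up or down with 9 wrapping to 0) and the names weak_pin_reason and count_rejected are assumptions made for illustration.

```python
# Added example: server-side check for weak PIN choices at enrolment.
# The rule set is an assumption for illustration, not any issuer's policy.

def weak_pin_reason(pin: str):
    """Return why a PIN is rejected, or None if it passes."""
    if not (pin.isascii() and pin.isdigit()):
        return "not numeric"
    n = len(pin)
    # Repeated block: 111111, 000000, 123123, 121212 ...
    for size in range(1, n):
        if n % size == 0 and pin[:size] * (n // size) == pin:
            return "repeated block"
    # Sequential run up or down, wrapping 9 -> 0: 123456, 654321, 890123
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps == {1} or steps == {9}:
        return "sequential digits"
    return None

def count_rejected(length: int) -> int:
    """How many PINs of this length the policy refuses."""
    return sum(
        weak_pin_reason(f"{i:0{length}d}") is not None
        for i in range(10 ** length)
    )

# The five most common six-digit PINs listed in the article.
COMMON = ["123456", "654321", "111111", "000000", "123123"]

if __name__ == "__main__":
    for pin in COMMON + ["482915"]:  # last value is a constructed sample
        print(pin, weak_pin_reason(pin) or "accepted")
    for length in (4, 6):
        print(length, "digits:", count_rejected(length),
              "of", 10 ** length, "rejected")
```

These rules refuse 1,110 of the 1,000,000 six-digit values, so they remove the most likely first guesses while leaving the code space almost unchanged. A limit on failed attempts is still needed alongside them.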

How does 3D Secure 2.0 verification work?

3D Secure 2.0 verification also uses one-time passwords. In addition, it provides biometric authentication (such as fingerprint authentication), which essentially verifies the identity of a cardholder just like a PIN.

What is a one-time PIN?

A one-time password (OTP) or PIN is a form of strong authentication that prevents cardholders from choosing common, easy-to-guess combinations. It also has the advantage of not relying on the cardholder's memory.

Another form of OTP is the time-based one-time password (TOTP). This has a time limit, usually of 60 seconds. Once this time limit is up, the PIN expires.
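The expiry behaviour can be seen in a short implementation of TOTP as standardised in RFC 6238, shown here as an added example that is not code from the article or from any issuer. The 60-second step follows the article's figure, SAMPLE_KEY is the published RFC 4226 test key, and the function names are chosen for this sketch.

```python
import hashlib
import hmac
import struct
import time

STEP = 60    # seconds a code stays valid; the article's "usually 60 seconds"
DIGITS = 6   # matches the six-digit codes discussed in the article

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238 TOTP: the counter is the number of whole steps since epoch."""
    return hotp(key, int(now) // step)

def verify(key: bytes, submitted: str, now: float, step: int = STEP) -> bool:
    """Accept only the current window's code, compared in constant time."""
    expected = totp(key, now, step).encode()
    return hmac.compare_digest(expected, submitted.encode())

# Constructed sample: the published RFC 4226 test key, never a real secret.
SAMPLE_KEY = b"12345678901234567890"

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_KEY, now)
    print("current code:", code)
    print("valid now:", verify(SAMPLE_KEY, code, now))
    print("valid one step later:", verify(SAMPLE_KEY, code, now + STEP))
```

Because the code is derived from the time window rather than chosen by the cardholder, a value captured in one window is rejected in the next.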

How secure is fingerprint authentication?

The fingerprint authentication process presents fraudsters with a new problem. They can no longer rely on guessing and repeatedly attempting commonly used PINs. And unlike PINs and passwords, biometric data is saved on your device, not on servers.

Since the iPhone 5S was first released, some users have demonstrated that fingerprint authentication can be 'hacked' using various means (such as finger moulds).

However, this method still gives strong benefits and protection against fraud for many users, as the hacks require relatively sophisticated schemes.

Conclusion

3D Secure PINs are 6-digit numerical codes used to authenticate online card payments that use the 3D Secure protocol.

They help to verify customers' identities and make online transactions safer when they make a purchase with a merchant.

However, despite having 1,000,000 potential combinations, users tend to use similar, easy-to-remember PINs. This makes PINs easier targets for fraudsters, who are only limited by how many attempts the systems they are targeting allow.

3D Secure 2.0 verification uses one-time passwords and biometric authentication (such as fingerprint authentication), which overall increases security.

Biometric data can be hacked, but only by relatively sophisticated schemes, so it still provides strong protection against fraud for many users.

Overall, the 3D Secure PIN and other forms of strong authentication make online transactions more secure and give customers more confidence.

As with all types of technology, security will continue to evolve and offer new ways to keep card details, customers, issuers and merchants all protected in future.
