Ask HN: Why is Target storing PIN numbers?

8 points by whyme ↗ HN
I obviously don't understand the merchant process as well as I had thought since I had always believed the PIN was only used during the transaction for validation. I was surprised when I discovered, via the Target story, that companies are actually storing my PIN to disk.

I'm seriously wondering why no one else is asking this question in the news, and I'm considering changing my PIN every week now.

4 comments

[ 0.19 ms ] story [ 23.1 ms ] thread
I think it was a man-in-the-middle attack, so everything during the transaction was stolen.
Target did not store the PINs. Storing PINs is forbidden by the PCI (Payment Card Industry) rules. If a merchant stores PINs or CVCs (Card Verification Code), he will lose access to the credit card system, and can't sell nuthin' no more.

The PINs were skimmed by malware in the POS devices.

Changing your PIN periodically is not a bad idea.

The scale of the attack had me thinking the PINs were taken from a server. I feel much better with the answers provided here, but yeah, I'm still going to start changing my PIN periodically. At what frequency I'll have to see...

Thanks for all the answers.