Bankers are increasingly cautioning that funds transfer systems based on personal identification numbers will need to be replaced with something more secure.
The reason is that criminals are showing a disturbing ability to beat PIN security controls. At the same time, the number and value of financial transactions protected by PINs is rising.
"I would call the PIN right now the worst security control known to man, except for one -- the signature," said Stephen Cole, chief executive of Cash Station Inc., the Chicago-based automated teller machine network.
Wider Applications
First used to protect ATM transactions, PINs are now being used in a wide range of transactions, including debit card purchases at retail stores and in home banking.
At the same time, the value of PIN-protected transactions is growing, as more consumers invest in mutual funds or buy securities from ATMs or computerized telephones in the home.
To date, PIN security controls have proved relatively effective, since fraud at ATMs and in PIN-protected debit card purchases is believed to be relatively rare.
For example, in 1991, only about half of the $18 million that banks lost in ATM transactions was attributable to fraud, according to the most recent data available from the American Bankers Association.
Con in Connecticut
But bankers worry that the incidence of fraud, especially the counterfeiting of debit cards and PINs, could rise.
Concern peaked earlier this year, when con artists planted a bogus ATM in a Connecticut mall and rigged the machine to pilfer PIN codes and card numbers that were then used to counterfeit ATM cards.
While that incident was alarming, experts say that debit card counterfeiters need not go to so much trouble.
The nightmare scenario circulating through electronic banking circles is that con artists could set up a stand on the street or at a fair, and sell, for example, T-shirts for $2 apiece.
The T-shirts would be throwaways. The real goal would be to use inexpensive and easy to handle point of sale terminals to record consumers PINs and account numbers.
"It's very hard to stop something that's mobile, and shows up at a craft fair," said Richard Lyons, executive vice president of Internet Inc., which runs the Most ATM network.
Mr. Cole of the Cash Station added that as PIN-based electronic banking becomes more prevalent, organized crime can be expected to get involved in these types of scams.
Then banks could be faced with the same soaring losses on debit cards that they now battle on credit cards, he added.
To stave off such a development, bankers are looking for newer, more secure ways to protect PINs and debit cards.
Card Giants Lead Effort
Visa U.S.A. and MasterCard International are at the forefront of the search, evaluating technologies ranging from smart cards to so-called watermarks or holographic magnetics to thwart counterfeiters.
But some bankers believe that even more advanced technologies will be needed.
Among them is the chief technology officer of one of the country's largest banks, who, in a private conversation, said that in less than five years his institution may have to start using such space-age technologies as retinal scans, electronic palm readers, or computerized voice recognition systems to verify that customers are who they say they are.
These so-called biometric technologies are now used by the military and by corporations to secure sensitive areas.
But biometrics are expensive and unreliable in a way that could cause problems for banks -- they tend to mistakenly deny access to people with proper authorization.
"There's nothing that annoys people more than being told they aren't themselves," the banker said.
The banker added, however, that in a few years one or more biometric technologies could be practical for widespread use.Calculating CashMachine CrimeAverage ATM fraud losses in1991, by bank asset size Total ATM Percentage losses per attributable bank to fraudMore than $54,058 69%$5 billion$1 billion 10,000 58to $5 billion$300 million 4,715 48to $1 billionLess than 573 49$300 millionBased on a survey of 460 banksSource: American Bankers Association
