Do You Shield Your PIN at the Store?

| January 15, 2012 | Comments (1)

When you approach an Automated Teller Machine, or ATM, it is widely accepted that there will be at least one camera that is fixed on your actions.  Typically, this is a facial shot, and law enforcement uses these videos to capture your face and assist in crime investigation.  While it is not with 100% accuracy, the ATM card holder can be relatively certain that the images and video will only be used for this explicit purpose.

Now fast forward to your traditional retail store.  Similarly to the bank, one can be relatively sure that a closed-caption television system is used at all but the smallest retail establishments.  Grocery stores, pharmacies, your big-box stores traditionally utilize a camera at the Point of Sale (POS).  However, unlike the banks or ATMs, these cameras are not directly at the terminal; rather, fixed above the general checkout area.  With debit card transactions utilizing a PIN to authenticate your purchases, does it not stand to reason that by not shielding your PIN entry, that there is a better chance that anyone watching the video signal can see your secret PIN?

You may be thinking that the risk is negligible; perhaps it is.  But let’s take it a step further…  Did you use a customer loyalty card?  If so, where else do you use that PIN?  On taxes?  On your garage door entry?    Your mobile phone’s voicemail?  The introduction of the customer loyalty card, and its ability to mine your personal shopping habits provides a convenient bridge between what you do at the store, and where you go when you leave the store.

The lesson here is that we tend to take for granted the eyes that are observing our actions.  By observing your surroundings and locating cameras and shoulder surfers, you can protect yourself from many of those meddling eyes.  Shielding your PIN is a simple, yet effective means of ensuring the security of the PIN.  From a personal standpoint, I also have learned to use different fingers for different keys to add an additional layer of protection from guessing based on the micro-muscle twitches of your arm and fingers.  Is it overkill?  Not to the person who has been hacked!

What are your thoughts?

Tags: , , , , , , ,

Category: Learning Opportunities

About k0nsp1racy: Hi There! I am currently an independent consultant with a wide range of experience in information security, organizational behavior, and psychology. With an undergraduate degree in Computer Science, I can bang out a mean Turbo Pascal or COBOL program. With my Master's Degree in Information Security Management (MISM) I can tell you what is wrong with an organization's security department. With my Master's Degree in Business Administration (MBA), I can forecast and explain how you don't have enough money allocated to your security departments initiatives. Finally, upon the completion of my Doctorate in Organizational Management within Information Technology, I will be able to tell you why your staff is leaving for greener pastures or how to make them work smarter. I have deferred my student loans nearly as far as I can by remaining an active student in studying the hands-off aspects of information security, yet is just curious and resourceful enough to remain semi-relevant among techies that are much smarter than I am. I am a proud supporter of Hackers For Charity and the Wounded Warrior Project, and am always looking to do something new and interesting that advances the profession. View author profile.

Leave a Reply

You must be logged in to post a comment.