The use of various kinds of payment cards, such as credit, bank and ATM cards, in various electronic payment terminals and automata is increasingly based on identifying the cardholder with the aid of a secret identification number (PIN, Personal Identification Number). This PIN is kept secret and is known to the cardholder alone; it must not, even for ease of remembering, be written on the card or kept in clear text form in conjunction with the card.
PIN systems of current payment cards are usually based on a solution in which the PIN is created by calculation from the card number, using an algorithm which is controlled by a secret key. As a result, the cardholder has not heretofore had any chance to influence the selection of the PIN for his card. This implies that a customer holding a number of payment cards has to memorize a number of different PINs; this is an inconvenience in using the cards and adds to the chances of error.
In order to make the memorizing of PINs easier, designs have been worked out which enable the customer to select his PIN. These may be divided into two main classes, depending on whether or not the PIN validation procedure involves data which is dependent on the PIN and is recorded on the card. Off-line-based validation procedures usually involve the recording on the card of data (PVV, PIN Verification Value) calculated from the PIN. Therefore, the customer should already select his PIN at the card ordering stage because it has an effect on the data contents which have to be recorded on the card. In on-line systems, the PIN can be validated using a file maintained in the central system and, therefore, the selection of a PIN is not necessary before the card producing stage.
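The two schemes described above, as an added sketch that is not part of the original text: a PIN derived from the card number under a secret key, and a PVV computed from a customer-selected PIN and checked off-line. HMAC-SHA256 stands in for the issuer's keyed algorithm, which the text does not specify; the key, card number and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Maps each hex digit 0-F to a decimal digit (a common decimalization table).
DECIMALIZATION = "0123456789012345"


def _keyed_digits(key: bytes, data: str, length: int) -> str:
    """Keyed one-way function reduced to `length` decimal digits.
    Assumption: HMAC-SHA256 replaces the unspecified issuer algorithm."""
    mac = hmac.new(key, data.encode("ascii"), hashlib.sha256).hexdigest()
    return "".join(DECIMALIZATION[int(h, 16)] for h in mac[:length])


def derived_pin(key: bytes, card_number: str, length: int = 4) -> str:
    """Issuer-assigned PIN: depends only on card number and secret key,
    so the cardholder has no influence on it."""
    return _keyed_digits(key, card_number, length)


def compute_pvv(key: bytes, card_number: str, pin: str, length: int = 4) -> str:
    """Verification value for a customer-selected PIN. It depends on the PIN,
    which is why the PIN must be known before the card is produced."""
    return _keyed_digits(key, card_number + "|" + pin, length)


def validate_offline(key: bytes, card_number: str, entered_pin: str,
                     pvv_on_card: str) -> bool:
    """Terminal-side check: recompute the PVV from the entered PIN and
    compare it with the value read from the card. No central file is used."""
    candidate = compute_pvv(key, card_number, entered_pin, len(pvv_on_card))
    return hmac.compare_digest(candidate, pvv_on_card)


if __name__ == "__main__":
    key = b"constructed-demo-key"       # constructed sample key
    card = "4000001234567899"           # constructed sample card number
    print("derived PIN:", derived_pin(key, card))
    pvv = compute_pvv(key, card, "2580")  # customer selects 2580
    print("PVV recorded on card:", pvv)
    print("correct PIN accepted:", validate_offline(key, card, "2580", pvv))
```

The card carries only the PVV, so the selected PIN itself never needs to be stored on the card or in clear text alongside it.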
The commonest at the moment are those PIN validation procedures in which a PVV encoded on the magnetic stripe of the card is employed. In such card systems, implementation of a customer-selected PIN is problematic, primarily because the selected PIN should, in connection with the application for the card, be conveyed to the card issuer's data system under such secrecy that it cannot at any stage in connection with processing the card application be read in clear text form.
One solution that has been in use heretofore is based on a selection form, mailed to the customer after he has returned the card application, on which the customer writes the PIN which he selects, without this form revealing the sender's personal data in clear text. The system identifies the sender by a reference number that has been printed on the form by the issuer. The drawbacks of this method are high postage costs and the extra work, delays and costs from processing the separate form parts.
Another solution in present use is based on a concealing form resembling a scrape-to-reveal lottery ticket, by which the person ordering a card is enabled to convert the PIN he selects into encrypted form and to send it in together with the order form. The drawbacks of this procedure are the costs due to printing and security technology associated with the concealing form, and the possibilities of error inherent in the interpretation of manually written numerals.