NTA Monitor

Latest News

New version of network scanning tool arp-scan released

15th March 2011 A new version of a respected and popular network scanning tool has been released. Read More

Tests show rise in number of vulnerabilities affecting web applications with SQL Injection and XSS most common flaws

1st March 2011 SQL injection and cross-site scripting (XSS) were the most common flaws found in web applications in 2010 according to results from tests carried out by NTA Monitor. Read More

Assess risk to manage effects of budget cuts

9th February 2011 Signs of economic recovery may be appearing in some industries, but for most organisations - particularly in the public sector - budget cuts and cost savings are here to stay for the foreseeable future. Read More

"Basic security threats not changed in 15 years"

1st February 2011 There may have been significant technological advances to the hardware and software organisations use, but according to Roy Hills, who co-founded NTA Monitor in 1996, the basic security threats have not changed in the last 15 years. Read More

Women less security conscious than men with PIN numbers

Women take security much less seriously than men when it comes to dealing with PIN numbers, according to a new survey out today.

A poll of over 500 men and women, undertaken by internet security testing specialist, NTA Monitor, shows that when choosing PIN numbers, 20% more women than men are concerned with how easily they can remember their PIN numbers, rather than how secure they are.

The NTA Monitor 2004 PIN Number Survey also shows that women are twice as likely to choose one PIN number to cover all their debit/credit cards, as they are to choose different numbers.

The advent of Chip and PIN technology means there are currently 20 Chip and PIN transactions taking place every second in the UK and Roy Hills, technical director, of NTA Monitor warns PIN number security is now more important than ever: "Credit card fraud in the UK is growing rapidly and currently costs the industry over £400 million a year - equivalent to £4 for every credit and debit card issued in the country. Over the next two years, fraud levels are expected to rise to over £800 million."

When talking about authentication, there are three possible factors:

Fraud reduction has been a strong argument in favour of Chip and PIN implementation. The Chip is a smart card and cannot be skimmed like its predecessor, the magnetic strip card, and combines two of the authentication factors. Two-factor authentication is a lot harder for a fraudster to compromise because if the card is stolen, usually the person still retains their PIN number, but if the PIN is compromised, the thief needs the credit card as well in order to make a transaction. However, it is still incumbent on card users to ensure their PIN numbers are as secure as possible.

"Two thirds of the women we questioned are using the same PIN number for all their cards, making them a more vulnerable target for fraudsters," continues Hills. "It only takes someone to see you entering your PIN number, then if your cards are stolen and one number fits all, they will have access to all your accounts."

Worryingly, another key finding from the NTA Monitor 2004 PIN Number survey reveals that 8 out of 10 people never change their PIN numbers, and of those that do, only one in 10 change their PIN numbers more than once a year.

Hills continues: "Whilst changing PIN numbers frequently can by cumbersome, with the need to memorise them, we advise everybody to change their PIN once a year, or at least every time they are issued with a new card."

On a positive note, it seems that writing PIN numbers down to remember them is a thing of the past. The majority of people surveyed, over 80% of both men and women, now memorise their PIN numbers.

NTA Monitor offers the following advice to ensure PIN number security:
  1. It is not necessary to use a PIN number for telephone, online or mail order purchases, so never give out your PIN number when making these types of transactions.
  2. When choosing a PIN number make sure it is memorable but not too obvious - avoid numbers like 1111 or your date of birth.
  3. Never share your PIN number with anyone. If you suspect someone knows your PIN number, request a new one from your bank immediately.
  4. If you have a joint account, cardholders should have individual PIN numbers.
  5. Avoid writing your PIN number down, but if you have to, never keep it with your card.
  6. If you have more than one card, have separate PIN numbers for each one.
  7. Don't be afraid to shield the Chip and PIN terminal when you are entering your PIN number.
  8. Change your PIN number(s) once a year, or at least every time you are issued with a new card.
  9. Check your account details regularly for any suspicious transactions. If you see anything untoward, report it to your bank immediately.

NTA Monitor surveyed 526 people at Central London high street locations from 23.11.04 to 25.11.04. The 95% confidence interval for this sample size is ± 4%.

This article was first released on: 10th December 2004