First we have to talk about how payment card PIN (Personal Identification Number) is verified. PIN can verified “offline” by the software running on the chip if you have a chip card and are paying using a chip-capable terminal and the setup is right. PIN can also be verified in “online” mode by the financial institution that issued the card or organization that processes card transactions on behalf of the financial institution.
I don’t know which algorithms are used to verify PIN in “offline” mode because implementations may be different and I’m not aware of standards for chip software.
“Online” PIN verificationPIN pad device encrypts the PIN you entered and it is sent along with a financial message to the issuer for verification. Issuers do not store the clear-text PIN and typically use a HSM (Hardware Security Module) to generate and verify PIN without revealing it in a clear-text form. In fact, issuers can store nothing at all unless they want to renew payment cards with the old PIN. Everything needed to verify the PIN is received in ISO-8583-based message:
a pinblock (encrypted PIN) a “hash” value to compare against, typically from track 2 of magnetic stripe or equivalent data from chip card a key under which pinblock was encrypted or re-encrypted during transportation a key that was used by issuer when PIN was generated or assignedThere are two algorithms used and supported by most HSMs to generate “hash” value and verify it later:
IBM 3624 offset method VISA method also known as PVV (PIN Verification Value)I have seen a few issuers that use the IBM method but in most cases the VISA method is used not only by VISA but by MasterCard and other card schemes.
PVVPVV is calculated in following way:
(PAN + PVKI + PIN) PVKey -> PVV
It takes 11 digits of PAN (Primary Account Number - your card number), a single digit PVKI (PIN Verification Key Index) usually just a constant “1”, 4 digits of PIN. Resulting 16 digits are treated as a hex representation of 8 bytes and encrypted using Triple DES PIN Verification Key. Then 4 digits are chosen out of 8 encrypted bytes using some strange algorithm.
But the main takeaway from this is that 16-digit input is turned into 4-digit output. I like to call it a hash function using cryptography. And like all hash functions also this one has collisions.
How many PINs have the same PVV?So I wrote a script and did some tests using random PAN and PIN Verification Key values. Similar results were replicated using a real HSM, a real card number and a real PIN Verification Key as well. For 10,000 input PIN values (all 4 digit values) only about 6,400 unique PVV values are calculated.
Almost every card has a set of 6 PIN values that all produce the same PVV value. Some cards have even a set of 9 PIN values with the same PVV.
To look at these results in a different way:
only 36% of PIN values have a unique PVV about 36% of PIN value have another PIN with the same PVV about 9% of PIN values have two other PINs with the same PVV etc. ConclusionThere’s 60/40 chance your card has more than one correct PIN. Just like some people win in a lottery, some manage to perform a transaction with an “incorrect” PIN and get it approved because of PVV collision.
