The following image shows a PIN entry device which shuffles the digits.

(Image via Twitter)

I've seen this question, but it doesn't cover why companies are still doing this.

I looked at the POS PIN Entry Device and the Software-based PIN Entry on COTS Security Requirements, and neither of them seems to have anything about shuffling the digits.

Is there a requirement or specification that I'm missing?

Nemo
  • *I'm* not aware of any, but I'm not confident enough in that to provide an answer. – Bobson Jul 28 '19 at 16:23
  • This seems to be a rather poor attempt to defeat shoulder-surfing, at the cost of making it infinitely more likely that people will put in the wrong pin. Honestly, it almost looks like a bug, to me... – Nic Jul 28 '19 at 20:18
  • It's to make it harder to guess the PIN from the fingerprints. This is a touchpad, after all. – Simon Richter Dec 09 '21 at 13:54

1 Answer

There is no fixed requirement to do this, in any standards I am aware of.

I understand the thinking behind it: you'd think it could make it harder to shoulder surf. However, in my experience it makes it easier to shoulder surf, as the person keying in the code will now need to check visually for each digit, rather than being able to type them in from memory.

Rory Alsop