Because people struggle to remember even one PIN, especially if it's needed infrequently or in a stressful situation. I'm not being snarky here, it's happened to me. Could not remember my one, main PIN on one particularly stressful day. Went home, slept, and no problem the next day.
So remembering a PIN that most people will never need to use in a stressful situation? Unlikely to be useful for the majority of people.
Way easier, just have a set of 9 icons (flower, sun, etc) shown after every pin entry. Your "true" icon will proceed, all other icons will trigger duress and proceed.
Way easier, just have a set of 9 icons (flower, sun, etc) shown after every pin entry. Your "true" icon will proceed, all other icons will trigger duress and proceed.
This is familiar.
I had a bank that, when you set up your PIN, required you to also pick an icon. There was a flower, and a cat, and a dog, and some other generic pictures.
When you put your card in the ATM and entered your PIN, you also had to pick the right icon.
I wonder if this was the start of a duress system the bank was setting up. The bank ended up getting eaten by another bank and then another bank, and the icon selection system went away.
For some reason I don't associate it with a bank (they have a personal phrase they include in official messages), but do with one of the SSO accounts I had, and feel pretty confident it wasn't Google.
No, it is an obvious solution to anyone who wants to solve the problem, and have never seen this in the wild (probably because I live in a relatively safe country where you don't have to fear to get mugged at an ATM).
EDIT: This should be coupled with a "secret" icon that is shown (or a specific order of the 9 icons you have to chose from) to prevent MITM/Phishing attacks. If you realize the icon/order is not the one you are used to, you are being phished.
Alternatively: same PIN/password as normal, but alter the last character. Better if it’s any incorrect last character. That allows you to stick close to your normal routine while in a stressful situation.
At 4 digits, with a 10 character alphabet, you are looking at a 1% reduction in pin space. Contrast this with the 90% reduction in pin-space you get by not using a 5th digit.
If we had duress codes for ATM, and it’s widely known, then someone with a gun will just threaten me to not use my duress code. I’m not going to bet my life in that scenario.
In the physical security example (door with a pin pad lock), entering the duress code gives no indication that you had done so. The door opens, just as it should (i.e., the guy standing behind you forcing you to open doors is unaware). But security has been (silently) alerted. ATM duress codes would work the same (I would hope).
First off, just because they have a gun doesn't mean they're going to risk a capital crime over under a grand in cash. Sure, some people will, but that number is much smaller than the number of people not even holding a real gun.
The duress code could do any number of things, too. Trigger a silent alarm, for example, at the bank branch and/or police. Show a randomized, lower available balance. Mark the dispensed bills.
Fact of the matter is that banks don't care; it's not "their" money when someone steals from you at an ATM. That's why you never see any sort of anti-robbery systems in ATM lobbies.
Cops don't care either. If you're lucky they write a report.
But...steal from the bank and every cop in town will hunt you down.
The famous socialite was found guiltu of defrauding investors and banks (whos literal job us to access risk) but not the poor woman che parted with savings.
Head of Theranos was found guilty of defrauding investors who did no real due dilligence, but not patients.
Don't change anything about the behavior of the ATM, just alert the police. If people are being robbed at gunpoint don't try and be a hero over a couple grand.
How many people chill out after an atm robbery? It seems a bit of over engineering when I would assume 99.9% of atm robbers are gone 30 seconds after an atm pin is typed.
ATMs can be configured for all kinds of amounts. It's up to the bank.
In the mid-90's, my father's bank would let him specify a withdrawal amount down to the cent. He could take out $53.17, and the machine would spit out $53 in bills, and 17 cents would roll down a chute into the coin tray.
In the late 90's, I had a bank that allowed almost any withdrawal amount. I know I took out $700 once for an emergency car repair.
I think a big reason the banks limit the amount of money you can take out is so they don't have to refill the machines as often. It's a cost-saving measure for them.
There are higher limit ATMs and accounts. Some Chase and Citibank accounts go up to $5000 iirc.
Usually there’s a “rich people” account with different limits and services. I knew somebody once who could call their guy have money delivered by courier in NYC.
Personally, I'm wondering why ATMs don't have this feature.