Since none of us use cash anymore (except for that one guy in accounting), often your PIN code is the only thing standing between a would-be thief and the piles of treasure you have stashed in your checking account.
Actually, the card plus PIN is a reasonably good, if simple, implementation of the “something you have” plus “something you know” principle of security. Neither the card nor the PIN is much good without the other. (We’re ignoring the fact that most debit cards can also be processed as credit cards for the moment.)
Obviously, hanging on to the card itself is a good start, so that covers the “something you have” side of the equation. But sleight of hand, accidental drops, and old-fashioned purse-snatching still happen today.
So that leaves us with the “something you know” piece: your PIN.
Why Be Concerned About Infrared PIN Theft?
Being a security-minded person, I’m sure you’re already in the habit of covering your fingers when entering PINs. After all, it takes only a tiny bit of effort, and it prevents cameras and sneaky eyes from catching what you’re entering, right?
But what about heat?
You did know your fingers transferred heat to those keys, right?
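And since heat dissipates at a linear rate, the key you pressed first has cooled the most and the key you pressed last is still the warmest. The heat signature therefore reveals not just which keys got pressed, but also the order in which they were pressed!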
But that’s not really a problem, right? After all, who has equipment that can detect heat?
Until recently, the ability to walk up to a PIN pad and detect which buttons had just been pressed required an expensive (and bulky!) infrared camera that would pick up the heat signature left by your fingers.
But with the advent of relatively inexpensive ($349) iPhone attachments, infrared smartphone camera technology is easily within reach of a ne’er-do-well… especially since they might recoup that much or more in just one ATM transaction. But even for one who’s looking for something less expensive (or who uses an Android device instead of an iPhone), there’s this Kickstarter project, or even a tutorial on how to build one with an old floppy disk! (…for the MacGyver types, evidently.)
In other words: stealing your PIN even up to 1 minute after you enter it is pretty easy these days.
So What’s the Solution?
It’s pretty simple, really. Just touch your fingers to several buttons and hold them there while you’re entering your PIN.
Heat multiple buttons up, obfuscate the ones you pressed.
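To put numbers on that advice, here is an added example (not from the original article) that counts how many 4-digit PINs remain consistent with the warm keys in three situations. It is a simplified model: the sample digits are constructed, and the three-guess limit is an assumption about card lockout.

```python
from itertools import product

def last_press_order(pin):
    """Digits ordered by most recent press, coolest (earliest) first."""
    last = {d: i for i, d in enumerate(pin)}  # later index overwrites earlier
    return sorted(last, key=last.get)

def candidates(warm, length=4, order=None, decoys=False):
    """PINs consistent with a set of warm keys.

    order  -- press order read from relative warmth, or None if unreadable
    decoys -- True if some warm keys may be decoys, not PIN digits
    """
    warm = set(warm)
    found = []
    for combo in product(sorted(warm), repeat=length):
        pin = "".join(combo)
        if not decoys and set(pin) != warm:
            continue  # no decoys: every warm key must appear in the PIN
        if order is not None and last_press_order(pin) != list(order):
            continue  # warmth ranking contradicts this PIN
        found.append(pin)
    return found

def guess_odds(n_candidates, tries=3):
    """Chance of hitting the PIN in `tries` guesses (assumed lockout limit)."""
    return min(1.0, tries / n_candidates)

if __name__ == "__main__":
    pin_keys = "2580"    # constructed sample PIN, not from the article
    decoy_keys = "1479"  # extra keys held down while typing
    scenarios = {
        "order readable": candidates(pin_keys, order=pin_keys),
        "order unreadable": candidates(pin_keys),
        # held decoys are evenly warm, so no press order can be read
        "decoys held": candidates(pin_keys + decoy_keys, decoys=True),
    }
    for name, pins in scenarios.items():
        print(f"{name:17} {len(pins):5} candidates, "
              f"odds in 3 tries {guess_odds(len(pins)):.4f}")
```

Holding four extra keys takes the search space from a single PIN (or 24 if the order has faded) to 4,096, which is why the trick works even though it hides nothing from view.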
Not so sure about all of this? Mark Rober made a video that demonstrates it.
Oh yeah… and don’t use PINs that are easy to guess!