I thought this was normal? They'd have two separate mailings sent from two locations such that they would only meet at the destination's mailbox on separate days. Then, after receiving the card, it'd have to be activated by calling an 800 number and giving some information, at which point they might also force a PIN change.<p>Also, he worries about the PIN being stored somewhere in plain text. If one-way hashes were used, anyone obtaining the hash would only need to test it against 10k possible values to get the original.
His real problem seems to be they sent him his PIN when he didn't ask for it.<p>As for sending the PIN in the mail, sometimes people forget their PIN. He lists three forms of communication he claims are more secure: voice, fax & inbox on the https site. Banks can more easily verify the mailing address because it's easier. At least with that you've got a mailman checking that the name matches the address. I realize that's not foolproof, but what is? It's easier than trying to verify a phone or fax number actually belongs to the right person. And with https, not everyone owns a computer, but it's rare for a bank opening an account for someone without a fixed address. Even when account statements are sent to a P.O. Box, they generally ask for a physical address for their records.<p>All three can be secure if there's proper authentification, but again, if he didn't need or ask for it in the first place then that's the real problem.<p>Edit: another problem with voice is the the bank employee on the other end of the line has to be able to see the plaintext PIN to speak it. Banks I have worked at strictly limited the number of people with access to that info, you couldn't just walk up to a teller and have them look up your PIN, for example.
Re: Stored hashes - they can be stored encrypted while the company can still retain the ability to decrypt them. This is how you store credit card numbers.<p>They may have generated a new PIN and it just happened to be his old one? Could be.<p>Do they send it registered mail? What would happen if someoene did get to your mail before you - could they use the card? what would the bank do when informed of it?<p>Whwther or not it's bad for you, the consumer, depends on all these things.
Agreed that it's not the best solution, but it is what every bank (at least here in the UK, and from the sounds of it, in America too) does.<p>As to storing the PIN in plaintext, that's not even the bank's decision, a single bank can't decide to go against the entire chip+pin system.<p>Side question: AFAIK, chip+pin is far less common in America than in UK/Europe, with many people still using magnetic+signiture. Am I out of date, or is this still the case?
I initially rolled my eyes at the rant, but he does make some good points.<p>I've never thought about it before, but a bank really has to reason no send your pin number to you in print, or store it in a form that they could access.<p>Or do they?