Stephen Mason & Nicholas Bohm take issue with the PIN requirements of Santander
Santander UK plc has recently imposed on its UK banking customers the requirement that the personal identity number (PIN) for their accounts must be unique. This is coupled with a prohibition against the recording of the PIN: a combination which we believe places customers in such difficulty that the terms are unfair.
A unique PIN
Clause 9.7(k) of Santander’s General Terms and Conditions Current Accounts and Savings Accounts (effective from 1 January 2013) provides that the customer must “take reasonable steps to keep your PIN or Personal Security Details unique to the accounts that you hold with us”. Although it is not clear what “reasonable steps” the customer must take, the PIN must be unique to the accounts that the customer holds with Santander.
Memory
There is a considerable amount of published research on the topic of memory, and the human need to write down complex passwords (for a general introduction, see Wendy Moncur and Dr Grégory Leplâtre, “PINs, passwords and human memory” Digital Evidence and Electronic Signature Law Review