By Nic Rigby
BBC News Online
A corrupt bank employee can discover your debit card pin number after just 15 attempts, according to a study by computer scientists in Cambridge.
The study suggests faults in pin number security
The revelation has led to calls for banks to tighten up their security systems.
John McFall MP, chairman of the House of Commons treasury committee, told BBC News Online that if the study is correct the banks need to take action.
"If this research indicates the banks need to do more it is an issue that they should take seriously irrespective of resources," he said.
Flaw in pin numbers
The concern over pin numbers comes as a trial takes place in South Africa over the withdrawal of £65,000 in cash from machines in 190 separate transactions, using a copy of a card.
Cambridge University researchers Ross Anderson and Mike Bond, who have been called as expert witnesses in the trial, believe they have discovered a flaw in the way pin numbers are generated.
We are not blasť about it, but we have good systems in place to stop this
Sandra Quinn, Association for Payment Clearing Services
Mr Bond told BBC News Online that pin numbers can be discovered because they are not chosen randomly, but based on a complex mathematical formula derived from the customer's account number.
Using a simple computer programme and mathematical tables, he was able to discover the four pin numbers after on average 15 guesses.
He said the Government should look at whether more regulation was needed to protect accounts.
'Pressure on banks'
"In the longer term there should be more interest from Government regulators on this issue," he said.
"Banks have not shown any interest in upgrading the system for choosing pin numbers."
Banks believe it is "highly unlikely" security would be breached
He thinks people concerned about the safety of their money should "put pressure on their banks to tell you what they are doing to ensure the pin numbers are safe".
"If you really feel you are at risk, you should spread your money across several banks," he said.
But fears raised by this new study are unjustified according to the British banking industry.
Sandra Quinn, of the Association for Payment Clearing Services, said banks are aware of the issues raised by the Cambridge study.
"I think it shows a clever mechanical security programme in a laboratory environment," she said.
"But all banks will have their own security with trusted personnel."
She said it was "highly unlikely" that in a real bank environment the pin number security would be breached.
Ms Quinn added: "We are not blasť about it, but we have good systems in place to stop this."
She said that pin number fraud by dishonest employees was less of a concern than thieves looking over people's shoulders to discover their pin number.