Monzo urges 480k customers to change their pin numbers
theguardian.com“And as your bank, we keep a record of your PIN so we can check you’ve entered it correctly. We store them in a particularly secure part of our systems, and tightly control who at Monzo can access them.” What? They store device PINs? I worked on several mobile banking apps and although not directly on the crypto part - I know that the PIN never left the device and the bank didn’t know the PIN. It was just a part for generating/signing operations. I think an SRP (secure remote password) protocol was used in this case - where the password is never transferred over the wire.
From the sounds of it, Monzo was/is using customer (card) PINs as a security passcode within their app itself. Hence on 2 operations in the app (cancelling a standing order, and getting a reminder of your card number), it was being logged due to a misconfiguration.
I was of the understanding that it was accepted best practice for a bank to never use the user's card PIN anywhere except card authentication, for this very reason (and even then, to handle it particularly carefully).
It seems that treating the PIN as a general authentication factor within the app might well be convenient for users (only 1 PIN to remember), but then this exposes their card PIN as seen here (which is used to prove you authorized a transaction yourself). The notion the PIN itself was stored in a secure part of the system to "control which staff members could access them" is at odds with how banks used to handle PINs - which is that no staff can see them, and they're held in hardware security modules, which validate encrypted incoming PINs and say "yes" or "no".
Some of the banks use SRP-like setups for app-based credentials - I've seen some clever symmetric hash-based implementations of a challenge response protocol that can be backed by a HSM - low entropy credential info (3 characters from a password) is hashed together with a session salt (presumably) generated by the HSM, and the hash is sent to the HSM, which can say "yes" or "no".
For debit card PINs, the bank needs the ability to verify the PIN, for ATM or magnetic stripe online authentication transactions I believe, but this could again be handled by HSM. Not sure why they were using card PINs as a generic password, and storing them at all retrievably by staff. I wonder if this is complaint with best practice in banking?