Skip to main content
This guide explains how PIN codes should be created, updated, and validated for cards issued through the API. It focuses on security requirements and the logical flow — not implementation details.

Setting or changing a PIN

A PIN can be set or changed after a card is issued. The PIN must always be chosen by the cardholder.
For the exact API call, open the Cards API reference.

PIN security requirements

To ensure cardholder safety and prevent unauthorized access, every PIN must follow strict security guidelines:

Length requirements

  • Minimum length: 4 digits
  • Maximum length: 12 digits

Prohibited PIN patterns

To avoid easily guessable PINs, the following patterns must not be allowed: No simple sequences Examples:
  • 1234
  • 2345
  • 0123
  • 4567
No repeated digits Examples:
  • 0000
  • 1111
  • 9999

Cardholder best practices

To increase security, cardholders should be instructed to:
  • Use a PIN that is not used for other bank cards
  • Avoid using personal information (birthday, phone number, address)
  • Change their PIN immediately after suspicious activity
  • Never share their PIN with anyone, including support staff
  • Memorize the PIN instead of writing it down or storing it unencrypted