In a French bank 10 years ago, their e-banking system was recording the actual values you typed in, their order in your 6 digit PIN, and your username. The logs were dropped on a share drive so that backup can pick them up. The shared drive was read only to "Everyone".
IT fought hard and long on the risk of this whole 'setup'. They agreed when I reconstructed 5 PINs (I stopped at 5, point was made). CTO was cool about this, insisting "what are the odds of this happening?" COO & CEO had a totally different (more sensible) opinion.
IT fought hard and long on the risk of this whole 'setup'. They agreed when I reconstructed 5 PINs (I stopped at 5, point was made). CTO was cool about this, insisting "what are the odds of this happening?" COO & CEO had a totally different (more sensible) opinion.