Millions of Dutch people at risk of fraud because they reuse PIN numbers
;%20}%20.cls-2%20{%20fill:%20url(%23linear-gradient-2);%20}%20.cls-3%20{%20fill:%20url(%23linear-gradient-4);%20}%20.cls-4%20{%20fill:%20url(%23linear-gradient-5);%20}%20.cls-5%20{%20fill:%20url(%23linear-gradient);%20}%20%3c/style%3e%3clinearGradient%20id='linear-gradient'%20x1='8.089'%20y1='-4.628'%20x2='8.089'%20y2='17.703'%20gradientTransform='matrix(1,%200,%200,%201,%200,%200)'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20offset='0'%20stop-color='%23005eff'/%3e%3cstop%20offset='1'%20stop-color='%2300b2ff'/%3e%3c/linearGradient%3e%3clinearGradient%20id='linear-gradient-2'%20x1='12.007'%20x2='12.007'%20xlink:href='%23linear-gradient'/%3e%3clinearGradient%20id='linear-gradient-3'%20x1='12.007'%20x2='12.007'%20xlink:href='%23linear-gradient'/%3e%3clinearGradient%20id='linear-gradient-4'%20x1='15.926'%20x2='15.926'%20xlink:href='%23linear-gradient'/%3e%3clinearGradient%20id='linear-gradient-5'%20x1='12'%20x2='12'%20xlink:href='%23linear-gradient'/%3e%3c/defs%3e%3cpolygon%20class='cls-5'%20points='6.413%209.134%206.413%2015.125%209.765%2012.129%206.413%209.134'/%3e%3cpath%20class='cls-2'%20d='M12.492,13.663c-.302,.255-.747,.248-1.04-.018l-.698-.632-3.062,2.737h8.631l-3.062-2.737-.769,.649Z'/%3e%3cpolygon%20class='cls-1'%20points='16.613%208.25%207.402%208.25%2012.007%2012.366%2016.613%208.25'/%3e%3cpolygon%20class='cls-3'%20points='17.601%2015.125%2017.601%209.134%2014.25%2012.129%2017.601%2015.125'/%3e%3cpath%20class='cls-4'%20d='M19,2H5c-1.66,0-3,1.34-3,3v14c0,1.66,1.34,3,3,3h14c1.66,0,3-1.34,3-3V5c0-1.66-1.34-3-3-3Zm0,14.08c0,.51-.41,.92-.92,.92H5.92c-.51,0-.92-.41-.92-.92V7.92c0-.51,.41-.92,.92-.92h12.16c.51,0,.92,.41,.92,.92v8.16Z'/%3e%3c/svg%3e)
ABN AMRO warns of the danger of ‘shoulder surfing’ when using the same PIN and access codes
Six out of ten Dutch people are careless with security codes for mobile banking and payment transactions. These are the findings of a survey commissioned by ABN AMRO and carried out by Ipsos I&O. Only a third of respondents use unique codes to access their various mobile banking apps. What’s more, over four in ten rarely or never change the codes they use for banking. And many respondents occasionally allow others to watch when they key in their PIN codes. ABN AMRO has seen an increase in the number of reports of scamming after shoulder surfing, and wants to raise awareness of the risk of reusing PIN codes.
Here are the most important findings:
21% use the same PIN code for more than one mobile banking app, and only 30% use a unique PIN code for their various mobile banking apps.
44% rarely or never change the PIN code for mobile payments (such as Apple Pay and Google Pay), and 41% rarely or never change the access code for the bank app.
41% sometimes allow someone else to watch when they key in their PIN code for mobile banking.
Beware of the risk of ‘shoulder surfing’
Shoulder surfing - secretly looking over someone’s shoulder while they key in their PIN code - used to be a particular problem with payments made using a debit card. These days, it also occurs when people key in a PIN or access code on their smartphone. Not everyone seems to be aware that shoulder surfing is also a risk when making a payment using their mobile: almost half of those asked sometimes allow someone else to watch when they key in a PIN code for a mobile payment. This figure is four in ten when it comes to keying in the access code for the mobile banking app.
“If potential scammers look over your shoulder at the right moment, and then get hold of your telephone or debit card, they have access to everything: from your banking app to your DigiD,” says Marco Hendriks, Fraud Expert at ABN AMRO. “If alongside the victim’s PIN or access code, the scammer also steals their telephone or debit card, they can do practically anything: from transferring money to their own account to making purchases in someone else’s name. It’s especially important to be alert on busy public holidays like King’s Day, when crowds of people are buying all kinds of things. This vastly increases the risk of shoulder surfing.”
Convenience versus security
The Dutch do seem to be aware of the dangers. Almost two thirds of those surveyed know how risky it is to use the same PIN codes, and over half say that this also applies to rarely or never changing your codes. Hendriks: “Although we know that it’s sensible to choose a different code for everything, and to change the codes regularly, most people choose convenience over security. Reusing the same code may seem handy, but you’re actually making it easier for scammers. In other words: Same PIN? Think again!”
A third of Dutch people use a code that’s based on a meaningful date, such as a birthday or wedding anniversary. This is easy for criminals to guess. A strong password doesn’t contain personal data or recurring digits. You must never share your code, not even with someone who claims to work for the bank.
Digital security starts with simple, practical actions:
Choose a different access code for your smartphone and banking app
Change the access code regularly
Make sure that no-one is watching when you key in your codes
Block the Mobile Banking app immediately if you lose your device or if it’s stolen
END OF PRESS RELEASE
About the survey Ipsos I&O conducted the survey in April 2025 on behalf of ABN AMRO. The random sample comprised 1000 Dutch people aged 18 years and over, and was representative in terms of age, gender and region.