Dos and Don’ts while entering your Debit Card PIN at Retail Outlets

From December 1st, 2013 onwards, the Reserve Bank of India has made it mandatory for debit card holders to use their ATM PIN for carrying out debit card transactions at any retail store.


To put this system into place, all banks were instructed by the RBI to upgrade their Point of Sale (PoS) infrastructure. The deadline was November 30th.

Parag Rao, head of card payment products and merchant acquiring service at HDFC Bank said, “Our back-end system is in place and we have made changes in all our PoS and merchant outlets to accept PIN (basically ATM PIN) from tomorrow.”

The primary advantage of this measure is clearly the reduction in cases of fraud. Without this system in place, if your card goes into the wrong hands, then it will be used for illegal transactions at retail stores that accept card payment.

However, one plausible disadvantage of punching your PIN at a merchant store is revealing your PIN to others which include the cashier and other customers in your proximity.

So here are some Dos and Don’ts to remember while you are entering your PIN at a retail store for a debit card transaction:

1. Never give away your debit card PIN to the cashier, even if they ask for it. Ask for the machine and punch the pin yourself.

2. While you are entering your PIN, ensure that it is not being watched by anyone (shoulder surfing). To avoid this, ideally all retail stores should provide customers with a separate enclosure where they can punch in their PIN; something similar to what is set up in a voting booth.

3. If you feel that the cashier or other people might be watching your PIN, then hide the key panel with one hand and enter the PIN with the other. It is natural to feel a little hesitant about this, but it is for your own safety.

4. At certain retail stores, entering your debit card PIN by yourself may be a little troublesome and you have to let the cashier do it for you. In such cases, prefer carrying cash instead of using your debit card.

5. If you have used your card for international transactions (even once), then your bank must replace the card’s magnetic stripe with EMV (Europay, MasterCard and Visa) chip-based cards. This has been instructed by the RBI. If your bank has not done so, please make an inquiry about it.

In the wake of this security measure mandated by the RBI, State Bank of India has issued a notice advising customers not to hand over their ATM-cum-Debit card to anyone.

The RBI has also stated that, any losses incurred by customers due to misuse of their cards post 30th November, will be borne by the bank the customers are associated with. Needless to say, if you happen to lose your card and incur any loss, then approach your bank immediately.

Here’s a blog post where Quick Heal CTO, Mr. Sanjay Katkar speaks about how to recover your money if your bank account is hacked or your card details are stolen.

Data Source:

Rajiv Singha

Rajiv Singha


Your email address will not be published.


  1. Not safe at all, any body see what you feed and pick your pocket

  2. Avatar sadashiva raoDecember 9, 2013 at 12:39 PM

    In spite of the RBI guidelines for must PIN (both Credit and Debit card)the payment was done with even asking for PIN. POS owner told me that they can bypass this rule without any problem. This is not the case with one Bank.

  3. Avatar sadashiva raoDecember 9, 2013 at 12:40 PM

    In spite of the RBI guidelines for must PIN (both Credit and Debit card)the payment was done without even asking for PIN. POS owner told me that they can bypass this rule without any problem. This is not the case with one Bank.

  4. Avatar R KrishnamurthyDecember 9, 2013 at 12:46 PM

    Changing password/ PIN at regular intervals (say 15th of every month)is also definitely worth doing. Only ensure you remember with some easy association / mnemonic code.
    Virtual Key Board can also be made mandatory for POS places for use of Debit Card.OR a standard piece of cover ( made in plastic or thick glazed paper) can provided which covers the hand to avod visibility for the persons standing close to the user of the card.This proviso is viable(cost) instead of seperate enclosure.

  5. Avatar Dr P K GuptaDecember 9, 2013 at 2:05 PM

    Please ask the POS terminal to be covered by a perforated (Big hole) Plastic or Metal cover ( Like I saw in China ).

  6. would it not be safe if we receive an otp to complete the transaction?

  7. This is not at all safe. In hurry, chances are there to make mistake and not able to follow the precautions stated. god know that is the reason behind this. It has become more risky.

  8. It is always better, rather it is safe to immediately change the pin at the end of the day after the transactions at POS.

  9. Not safe, until machine is provided close counter covering key pad, etc. >If a person has one arm then, how he can hide the key panel. Pls make user friendly.

  10. Avatar DR DHARMENDRA TRIVEDIDecember 10, 2013 at 12:40 PM

    Good step taken by RBI towards safety of internet bankings,more should take immidiate

  11. i want to know that while buying anything from flipkart or any other site for the payment through debit card they provide the option for entering pin. is it safe? kindly reply..

    • Rahul Thadani Rahul ThadaniJune 24, 2014 at 10:07 AM

      Hi Prativa,

      When you place an order online from a reputed portal like Flipkart, and a few others, it is safe to enter these details. However, ensure that the page you are entering the details is genuine. To do so check for the HTTPS before the web address in the URL bar and also look for the padlock symbol. Also, do not enter such details in a public machine in a cyber cafe or on your own PC/smartphone over a public Wi-Fi connection. If these steps are followed, your details should be safe and sound.

      Best regards.

  12. Who hits the enter button after giving the ATM pin at POS.. ideally it should be the customer as that sets the end of the passing transaction.. what say as a retail outlet may punch something else after by correct four digit..