Employees are able to override the pin entering requirement. There is absolutely nothing you can do to stop this from happening if you happen to get targeted. (Speaking from experience)
It’s better than nothing that AT&T finally allows pins at all, but one thing that’s insane about it is every time you log in on the web there’s a checkbox to never ask for your pin again. It’s exactly where you’d expect a checkbox for something like “remember me”, except it opens up a huge security hole in your account if you accidentally check it.
Pins obviously have other issues that make no sense, like the incredibly low complexity allowed that would never be acceptable for a password. But even aside from that I guess AT&T also want everyone to turn their pin off? I hope they do lose a lawsuit and actually have to start giving a shit about pin swapping and make things more secure by default.
Exactly. I have a pin on my account after identity thieves opened a bunch of AT&T and Verizon accounts under my name (thanks Equifax!). Since this happened I’ve been in the AT&T stores when I bought an unlocked phone on two occasions. The employees at the store weren’t able to do a thing until I spoke with a special call center on the phone and did verifications.
One time there was something wrong on their end and no one could do anything until the system to verify my pin was back up.