By Voung H.
Voung oversees AML/BSA, fraud prevention, and sanctions compliance and is responsible for building data-driven controls and partners across the FIGFCU to safeguard Members and stop emerging threats.
Summary
- Changing your PIN regularly is a simple security habit that can help protect your money
- Experts advise changing your PIN every 3 to 6 months
- A strong PIN is long, avoids obvious number patterns, doesn’t re-use PINs, is memorable without being meaningful
As an agency owner, your PIN protects more than a card—it shields your operating account, commission sweeps, payroll, vendor payments, and client trust. Because agents travel, meet clients in busy places, and use ATMs and point-of-sale terminals on the go (think catastrophe deployments, conferences, hotel kiosks, gas pumps), your exposure is naturally higher. Changing your PIN regularly is a small habit with outsized impact on cash security and E&O risk.
Why PIN rotation matters for Farmers insurance agencies.
- Quiet compromises happen. Skimmers at gas pumps, keypad overlays, even someone glancing over your shoulder in a busy line can steal your PIN. Regularly changing your PIN turns stolen PINs useless.
- Reduces account takeover risk. Criminals pair card numbers with guessed or leaked PINs. Even when institutions store PINs securely, criminals constantly try to correlate partial data from multiple sources. Shortening the “useful life” of your PIN narrows their window.
- Team dynamics add risk. Even when you never share a PIN, staff turnover, shared devices, or hurried purchases increase the chance of exposure.
- Breaks predictable patterns. Many business owners choose birthdays, business addresses, or simple sequences. Regularly changing your PIN is a built-in reset that helps you move away from predictable numbers.
How often—and when—to change PINs.
Adopt a 90-day rotation for all agency debit/ATM cards, with immediate changes after:
- Travel (especially out of state), conferences, or catastrophic duty
- Card replacement, suspicious alerts, or unfamiliar ATM use
- Fraud alerts or unusual account activity
- Any situation where a PIN might have been observed or hinted at
- Using an unfamiliar ATM or finding anything “loose” on a machine
However, some argue that assuming you have a strong password, there may not be a need to change it as frequently as every 3–6 months, as it could lead to creating new passwords that are only slight variations of the previous PIN. Pick a schedule you’ll follow and avoid minor, guessable variations of older PINs.
What a strong PIN looks like
- Avoid the obvious. Skip birthdays, work addresses, repeats (1111), sequences (1234), or keypad “lines” (2580).
- When possible, go longer if available. Six-digit PINs are significantly harder to solve through trial and error until one works; digitally, this is known as a brute force attack.
- Do not reuse PINs, ever. Each card gets its own PIN; never recycle phone, alarm, or door codes.
- Memorable PINs, not meaningful. Create a private rule that only you know. Example: Take the last two digits of unrelated numbers (e.g., an internal extension, a random invoice suffix, and first two numbers of your first car’s model year) and jumble the order and you’ve got a durable, non-obvious PIN.
Agency-grade usage tips.
- Cover the keypad: Even at your regular ATM and point-of-sale terminals..
- Inspect terminals. If the ATM looks tampered or the card slot or keypad looks and feels loose, walk away. Prefer in-branch or well-lit ATMs.
- Turn on alerts. Enable real-time notifications for withdrawals, PIN changes, and card-present transactions.
- Lock when idle. FIGFCU lets you temporarily lock your cards in the Tulee app. If a card is going to remain in your offices, make sure it’s in a secured location.
- Separate spend. Issue distinct cards (with limits) for owner, ops, and field use; never let staff share a PIN.
- Document the process. Add PIN rotation to your security protocol and onboarding/off-boarding checklists. Keep a simple control: Only the owner—or a designated officer—may change a card’s PIN.
- Train your team. Five minutes at a staff meeting: show how to shield keypads, spot tampering, and escalate suspicious activity immediately.
- Don’t store it in your phone contacts or notes: Use a reputable password manager if it supports secure, offline notes protected by biometrics.
- Set a SIM PIN, too: When possible, set a SIM PIN on our mobile device. This protects text-based verification if your phone is stolen.
Implementation in one week.
- Policy: Add a 90-day PIN rotation to your written procedures and E&O risk controls.
- Inventory: List every card tied to operating, trust, and sweep accounts; assign an owner.
- Schedule: Add rotation dates on the calendar and set automated reminders.
- Configure: Enable alerts, card locks, and spend limits in your banking app.
- Drill: Run a quick exercise—simulate a lost card and execute your response steps.
How to change your PIN in Tulee.
If you have a Credit Union Debit or Credit Card, changing your PIN in Tulee is easy. Here’s how:
- Open Tulee, our digital banking platform, and sign in.
- Tap “Card Controls,”
- Tap “Change PIN” and follow the prompts.
Review the how-to video to learn more about all the things you can do with the Card Controls Tool.
Final thoughts.
Changing your PIN on a schedule is fast, free, and proven. For a Farmers Insurance Agency juggling fieldwork, vendors, and client meetings, it’s one of the simplest ways to cut fraud risk, protect cash flow, and demonstrate strong stewardship of client-related finances. Make it routine—and get back to writing business with confidence.
