As the story goes, when John Shepherd-Barron[1] was working on the original ATM system, he originally planned 6 digits, but reduced it to 4 because his wife wasn't able to consistently recall a 6 digit random number.
If true (and it sounds at least plausible), then the sheer number of legacy devices that expect a 4 digit PIN (including hardware crypto modules, which cost an absolute fortune to design and verify)
And, of course, a numeric keypad is much smaller and easier to design around than a full qwerty (and probably internationalises better as well)
The Cambridge Uni security group have a nice paper on PIN security in more detail, if you're interested[2].
If true (and it sounds at least plausible), then the sheer number of legacy devices that expect a 4 digit PIN (including hardware crypto modules, which cost an absolute fortune to design and verify)
And, of course, a numeric keypad is much smaller and easier to design around than a full qwerty (and probably internationalises better as well)
The Cambridge Uni security group have a nice paper on PIN security in more detail, if you're interested[2].
[1] https://en.wikipedia.org/wiki/John_Shepherd-Barron
[2] http://www.cl.cam.ac.uk/~jcb82/doc/BPA12-FC-banking_pin_secu...