Also, PINs (also IDs, SSNs, phone numbers, etc.) should not be treated as numbers, even though they are numeric. They should be strings. Your example gives a good reason: if the user enters something like 0000000012345, it'll match the PIN 12345, if you input the PIN as a number. If you input the PIN as a string instead, only the correct PIN will match.
