You can test is yourself with a custom/bot client and logs timers , there is a split milliseconds response delay from the servers (about 0.075) if you enter the CORRECT number on your bank pin so right now all you need to do to bypass someone's bank pin is just use a small script to count the milliseconds between entering number X on your pin to the server response in each number from 0-9 for 4 times and click exit after each time you enter a number to avoid getting locked out for 15min/1hour , this is a major bug in security and apparently it been there for decades and it also explains how some people posted here about how they got there bank hacked even though the pin was still in place when they logged back in, I won't be surprised if this can't even be patched.
External link →