Because noone is out there trying to hack your bank card pin – you get that wrong a few times and the card will stop working.

Also you aren’t likely to reuse the pin from your card – if someone works it out they can’t then go and try the same email/password combination on myriad other services

In short it only *needs* to be 4 digits, that’s already 10000 different options and you get what, 3 guesses at it?