It's not the case, it depends on the issuing institution.
Also, there is a practical requirement to have it short; as physical merchants value quick processing, and having to type&re-type long passwords delays other people behind you - so they want long PINs to be unpopular.
Also, there is a practical requirement to have it short; as physical merchants value quick processing, and having to type&re-type long passwords delays other people behind you - so they want long PINs to be unpopular.