every bank i've worked at and banked with has a process to issue pins via a random generator right on the spot, with only the customer, who is picking the pin, knowing what that number is...
although if you use the route you describe and ensure the customer changes the pin, there does not seem to be much issue
_________________________
Providing alternative truths since the invention of time