For the interested: enforcing no palindromes and unique digits reduces the number of possible PINs by about a factor of 2, bringing it down to 5040 4-digit combinations.
The formatting ate your *'s but I understand. That's definitely the better way to reason the problem. In my defense it was late (after a trip to the bar) and my code is basically stream of consciousness.
Bank PINs aren't really about password strength though. To prevent brute force, they simply block access after n tries (usually n = 3). They are just a way of preventing access to the card in case of loss or theft. So as long as there are enough combinations to make the chance of a successful brute force after three tries small enough, it doesn't really matter how strong the password is.
For online banking, there are usually added security schemes and the PIN isn't used at all.
