Security Basics mailing list archives

PIN security


From: s0h0us () yahoo com
Date: Fri, 23 Jan 2009 06:50:07 -0700

This inquiry is more intended for those of you in the banking industry, but I would appreciate everyone's comments.

I am recommending increasing the number of characters required to create a PIN (this gives access to both phone and Internet banking). Transactions allowed over these means are limited. The risk here is associated with possible identity theft, but more so insider fraud (creating bogus accounts and internally transferring funds from compromised accounts).

I am also recommending that accounts that have not been electronically accessed during the past 12 months (phone or Internet) using a PIN should be disabled and require a re-PINning at next login.

I'm looking for comments regarding this topic of PIN security:

Should users be required to re-PIN every x amount of months?
Is requiring that dormant accounts be disabled reasonable?
What about actual account numbers? Should they contain a certain number of characters (min. 8)?
Part of the authenticating process also requires providing answers to challenge questions; should these be updated every so often?

Part of my recommendations need to take into consideration the impact on the customers and the financial institution itself.

Thanks in advance for your thoughts and comments.
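The two rules the post proposes (a longer PIN, and disabling electronic access for accounts unused for 12 months so that the next login forces a re-PIN) can be expressed as a small policy check. The following is an added example, not code from the original post or from any bank's system; the 6-digit minimum, the 365-day dormancy window and the 3-attempt lockout figure are assumed values chosen for illustration, since the post only asks that the PIN length be increased. The guessing-probability helper shows why the length change matters against online guessing: with a fixed lockout, each extra digit cuts an attacker's per-lockout success chance by a factor of ten.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Assumed policy parameters (not stated in the post beyond "increase" and "12 months").
MIN_PIN_LENGTH = 6
DORMANCY_DAYS = 365
LOCKOUT_ATTEMPTS = 3  # guesses allowed before the channel locks


@dataclass
class Account:
    account_id: str
    # Date of the last phone/Internet banking login with the PIN; None = never used.
    last_electronic_access: Optional[date]
    pin_disabled: bool = False  # True forces a re-PIN at the next login


def is_dormant(acct: Account, today: date) -> bool:
    """An account is dormant if it has not been electronically accessed in DORMANCY_DAYS."""
    if acct.last_electronic_access is None:
        return True
    return (today - acct.last_electronic_access) > timedelta(days=DORMANCY_DAYS)


def apply_dormancy_rule(accounts: List[Account], today: date) -> List[str]:
    """Disable electronic access on dormant accounts; return the ids that were disabled."""
    disabled = []
    for acct in accounts:
        if is_dormant(acct, today) and not acct.pin_disabled:
            acct.pin_disabled = True
            disabled.append(acct.account_id)
    return disabled


def login_requires_repin(acct: Account) -> bool:
    """At login, a disabled PIN must be replaced before any transaction is allowed."""
    return acct.pin_disabled


def pin_is_acceptable(pin: str) -> bool:
    """Enforce the minimum length and reject the most guessable numeric patterns."""
    if not pin.isdigit() or len(pin) < MIN_PIN_LENGTH:
        return False
    if len(set(pin)) == 1:  # all one digit, e.g. 000000
        return False
    # Straight ascending or descending runs, e.g. 123456 / 654321.
    diffs = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if diffs in ({1}, {-1}):
        return False
    return True


def guess_probability(pin_length: int, attempts: int = LOCKOUT_ATTEMPTS) -> float:
    """Chance that `attempts` random guesses hit a uniformly chosen numeric PIN."""
    return attempts / (10 ** pin_length)


if __name__ == "__main__":
    # Constructed sample data: the post's date is used as "today".
    today = date(2009, 1, 23)
    book = [
        Account("A1", date(2008, 1, 1)),   # 388 days ago: dormant
        Account("A2", date(2008, 6, 1)),   # 236 days ago: active
        Account("A3", None),               # never used electronically: dormant
    ]
    print("disabled:", apply_dormancy_rule(book, today))
    for candidate in ("000000", "123456", "12345", "593018"):
        print(candidate, pin_is_acceptable(candidate))
    for n in (4, 6, 8):
        print(f"{n}-digit PIN, {LOCKOUT_ATTEMPTS} tries: {guess_probability(n):.2e}")
```

Running the module on the constructed sample disables A1 and A3 and leaves A2 untouched; the dormancy check uses only the last electronic login, so branch or ATM activity would not keep an account out of the dormant set unless those channels were added to `last_electronic_access`.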

