diff --git a/cashonly/core/auth.py b/cashonly/core/auth.py
new file mode 100644
index 0000000..dcf7e3f
--- /dev/null
+++ b/cashonly/core/auth.py
@@ -0,0 +1,27 @@
+from django.contrib.auth.models import User
+from cashonly.core.models import Account
+from cashonly.core.services import AccountManager
+
+
+class UsernameCardnumberPinBackend(object):
+    def authenticate(self, username=None, card_number=None, pin=None):
+        if username is not None and card_number is not None:
+            raise ValueError('username and card_number are mutually exclusive')
+        if username is None and card_number is None:
+            raise ValueError('either username and card_number is required')
+
+        try:
+            if username is not None:
+                user = User.objects.get(username=username)
+                account = user.account
+            elif card_number is not None:
+                account = Account.objects.get(card_number=card_number)
+        except User.DoesNotExist:
+            return None
+        except Account.DoesNotExist:
+            return None
+
+        accmgr = AccountManager(account)
+        if accmgr.check_pin(pin):
+            return account.user
+        return None