BS ISO 9564-1:2017

$167.15

Financial services. Personal Identification Number (PIN) management and security – Basic principles and requirements for PINs in card-based systems

Published By: BSI
Publication Date: 2017
Number of Pages: 42

This document specifies the basic principles and techniques which provide the minimum security measures required for effective international PIN management. These measures are applicable to those institutions responsible for implementing techniques for the management and protection of PINs during their creation, issuance, usage and deactivation.

This document is applicable to the management of cardholder PINs for use as a means of cardholder verification in retail banking systems in, notably, automated teller machine (ATM) systems, point-of-sale (POS) terminals, automated fuel dispensers, vending machines, banking kiosks and PIN selection/change systems. It is applicable to issuer and interchange environments.

The provisions of this document are not intended to cover:

  1. PIN management and security in environments where no persistent cryptographic relationship exists between the transaction-origination device and the acquirer, e.g. use of a browser for online shopping (for these environments, see ISO 9564‑4);

  2. protection of the PIN against loss or intentional misuse by the customer;

  3. privacy of non-PIN transaction data;

  4. protection of transaction messages against alteration or substitution;

  5. protection against replay of the PIN or transaction;

  6. specific key management techniques;

  7. offline PIN verification used in contactless devices;

  8. requirements specifically associated with PIN management as it relates to multi-application functionality in an ICC.

PDF Catalog

| PDF Pages | PDF Title |
|---|---|
| 2 | National foreword |
| 7 | Foreword |
| 8 | Introduction |
| 9 | 1 Scope |
| | 2 Normative references |
| 10 | 3 Terms and definitions |
| 13 | 4 Basic principles of PIN management |
| | 4.1 General |
| | 4.2 Principles |
| 14 | 5 PIN handling devices |
| | 5.1 PIN handling device security requirements |
| 15 | 5.2 Physical security for IC readers |
| | 5.3 PIN entry device characteristics |
| | 5.3.1 Character set |
| | 5.3.2 Character representation |
| | 6 PIN security issues |
| | 6.1 PIN control requirements |
| | 6.1.1 PIN processing systems |
| 16 | 6.1.2 Recording media |
| | 6.1.3 Oral communications |
| | 6.1.4 Telephone keypads |
| | 6.2 PIN encipherment |
| 17 | 7 PIN verification |
| | 7.1 General |
| | 7.2 Online PIN verification |
| | 7.3 Offline PIN verification |
| | 8 Techniques for management/protection of account-related PIN functions |
| | 8.1 PIN length |
| | 8.2 PIN establishment |
| | 8.2.1 PIN establishment techniques |
| | 8.2.2 Assigned derived PIN |
| 18 | 8.2.3 Assigned random PIN |
| | 8.2.4 Customer-selected PIN |
| | 8.3 PIN issuance and delivery to the cardholder |
| | 8.4 PIN selection |
| | 8.4.1 General |
| | 8.4.2 PIN conveyance |
| 19 | 8.4.3 PIN selection at an issuer’s location |
| | 8.4.4 PIN selection by mail |
| | 8.5 PIN change |
| | 8.5.1 General |
| | 8.5.2 PIN change in an interchange environment |
| | 8.5.3 PIN change at an attended terminal |
| 20 | 8.5.4 PIN change at an unattended terminal |
| | 8.5.5 PIN change by mail |
| | 8.6 PIN replacement |
| | 8.6.1 Replacement of forgotten PIN |
| | 8.6.2 Re-advice of forgotten PIN |
| | 8.6.3 Replacement of compromised PIN |
| | 8.7 Disposal of waste material and returned PIN mailers |
| | 8.8 PIN activation |
| 21 | 8.9 PIN storage |
| | 8.10 PIN deactivation |
| | 8.11 PIN mailers |
| 22 | 9 Techniques for management/protection of transaction-related PIN functions |
| | 9.1 PIN entry |
| | 9.2 Protection of PIN during transmission |
| | 9.2.1 PIN protection during transmission to the issuer for online PIN verification |
| 23 | 9.2.2 PIN protection during conveyance to the ICC for offline PIN verification |
| 25 | 9.3 Compact PIN block formats |
| | 9.3.1 PIN block construction and format value assignment |
| | 9.3.2 Format 0 PIN block |
| 26 | 9.3.3 Format 1 PIN block |
| | 9.3.4 Format 2 PIN block |
| 27 | 9.3.5 Format 3 PIN block |
| 28 | 9.3.6 Compact PIN block usage restrictions |
| 29 | 9.4 Extended PIN blocks |
| | 9.4.1 General |
| | 9.4.2 Format 4 PIN block |
| 33 | 9.5 PIN block format translation restrictions |
| | 9.6 Journalizing of transactions containing PIN data |
| 34 | Annex A (normative) Destruction of sensitive data |
| 36 | Annex B (informative) Additional guidelines for the design of a PIN entry device |
| 39 | Annex C (informative) Information for customers |
| 40 | Bibliography |